diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml index ea8f74532d..6a17e57489 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml +++ b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml index 5a830d22b0..212ee18615 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml +++ b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml index 8538ba9f9d..69c1ea14d8 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml +++ b/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/apigee_v1beta1_apigeeenvironment.yaml b/crds/apigee_v1beta1_apigeeenvironment.yaml index 970ddabb72..2029731ba3 100644 --- a/crds/apigee_v1beta1_apigeeenvironment.yaml +++ b/crds/apigee_v1beta1_apigeeenvironment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/apigee_v1beta1_apigeeorganization.yaml b/crds/apigee_v1beta1_apigeeorganization.yaml index 7c7dc77605..12d35c77db 100644 --- a/crds/apigee_v1beta1_apigeeorganization.yaml +++ b/crds/apigee_v1beta1_apigeeorganization.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml b/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml index b61c85fcfd..8a9e0aea29 100644 --- a/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml +++ b/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -132,11 +132,108 @@ spec: Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' type: string type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: description: Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - format - location diff --git a/crds/bigquery_v1beta1_bigquerydataset.yaml b/crds/bigquery_v1beta1_bigquerydataset.yaml index b0101d8766..a13a5dc686 100644 --- a/crds/bigquery_v1beta1_bigquerydataset.yaml +++ b/crds/bigquery_v1beta1_bigquerydataset.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
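Review bot: In the ArtifactRegistryRepository hunk (`@@ -132,11 +132,108 @@`), nothing in the schema ties `remoteRepositoryConfig` or `virtualRepositoryConfig` to `mode`, and `mode` itself is a free-form string, so a manifest that sets `upstreamPolicies` on a standard repository or misspells the mode is accepted at admission and can only be rejected later by the API. An `enum` on `mode` with the three listed values would catch the typo case early; if this file is generated, that change belongs in the generator. The `priority` description would also benefit from a sentence on why ordering matters when a virtual repository mixes private and remote upstreams, e.g. `Give private upstreams a higher priority than remote ones so a public package with the same name is not served first.` The `spec` properties object that encloses these fields starts and ends outside the hunk.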
diff --git a/crds/bigquery_v1beta1_bigqueryjob.yaml b/crds/bigquery_v1beta1_bigqueryjob.yaml index cfaebf96b3..d8ac2e0910 100644 --- a/crds/bigquery_v1beta1_bigqueryjob.yaml +++ b/crds/bigquery_v1beta1_bigqueryjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigquery_v1beta1_bigqueryroutine.yaml b/crds/bigquery_v1beta1_bigqueryroutine.yaml index b346fb988f..bfd5e306b7 100644 --- a/crds/bigquery_v1beta1_bigqueryroutine.yaml +++ b/crds/bigquery_v1beta1_bigqueryroutine.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigquery_v1beta1_bigquerytable.yaml b/crds/bigquery_v1beta1_bigquerytable.yaml index 2016f0cce5..b56884a399 100644 --- a/crds/bigquery_v1beta1_bigquerytable.yaml +++ b/crds/bigquery_v1beta1_bigquerytable.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigtable_v1beta1_bigtableappprofile.yaml b/crds/bigtable_v1beta1_bigtableappprofile.yaml index 119120d560..3591140106 100644 --- a/crds/bigtable_v1beta1_bigtableappprofile.yaml +++ b/crds/bigtable_v1beta1_bigtableappprofile.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/bigtable_v1beta1_bigtablegcpolicy.yaml b/crds/bigtable_v1beta1_bigtablegcpolicy.yaml index 554f944fc2..797eecb7ba 100644 --- a/crds/bigtable_v1beta1_bigtablegcpolicy.yaml +++ b/crds/bigtable_v1beta1_bigtablegcpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigtable_v1beta1_bigtableinstance.yaml b/crds/bigtable_v1beta1_bigtableinstance.yaml index d13fe9e51e..30143b5c42 100644 --- a/crds/bigtable_v1beta1_bigtableinstance.yaml +++ b/crds/bigtable_v1beta1_bigtableinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigtable_v1beta1_bigtabletable.yaml b/crds/bigtable_v1beta1_bigtabletable.yaml index 0fa1b9e1ba..31743c0d30 100644 --- a/crds/bigtable_v1beta1_bigtabletable.yaml +++ b/crds/bigtable_v1beta1_bigtabletable.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml b/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml index f893b762f4..c90b877217 100644 --- a/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml +++ b/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml b/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml index 9dea99b249..0804bd4aec 100644 --- a/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml +++ b/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml b/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml index 92d2afc194..54ce4c05db 100644 --- a/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml +++ b/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml b/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml index a691a6e418..b4fc9200bd 100644 --- a/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml +++ b/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -83,6 +83,94 @@ spec: to be explicitly approved to start." type: boolean type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' 
+ type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object build: description: Contents of the build template. Either a filename or build template must be provided. 
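Review bot: `bitbucketServerConfigResourceRef` is documented as supporting only the `external` field, yet the `oneOf` directly below it still admits the `name`/`namespace` form, so a manifest using `name` passes schema validation and presumably fails only at reconcile time. The same mismatch is in the later hunk of this file (`@@ -774,6 +862,38 @@`) that adds `enterpriseConfigResourceNameRef`. Reducing both to `required: [external]` would reject the unsupported form at admission; if the CRD is generated, the generator is the place to change it. Separately, `pullRequest.commentControl` governs whether pull-request builds wait for a `/gcbrun` comment, and its description does not say what applies when the field is omitted; a sentence stating the default would help anyone reviewing triggers that build contributions from outside the project.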
@@ -774,6 +862,38 @@ spec: One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: description: |- Name of the repository. For example: The name for diff --git a/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml b/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml index 7d7b8c2578..be249572fc 100644 --- a/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml +++ b/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml b/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml index 73700b7442..ba2de33429 100644 --- a/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml +++ b/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml b/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml index b4d7f7ffc0..dbf2a62a1f 100644 --- a/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml +++ b/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml b/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml index 3455250c3e..84d0561faa 100644 --- a/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml +++ b/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeaddress.yaml b/crds/compute_v1beta1_computeaddress.yaml index 8267beb1ef..27aab88dd5 100644 --- a/crds/compute_v1beta1_computeaddress.yaml +++ b/crds/compute_v1beta1_computeaddress.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -139,23 +139,24 @@ spec: type: integer purpose: description: |- - Immutable. The purpose of this resource, which can be one of the following values: + Immutable. The purpose of this resource, which can be one of the following values. * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, internal load balancers, and similar resources. + ranges, load balancers, and similar resources. * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. + internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. - * IPSEC_INTERCONNECT for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources. + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. - * PRIVATE_SERVICE_CONNECT for a private network address that is used - to configure Private Service Connect. Only global internal addresses - can use this purpose. This should only be set when using an Internal address. type: string diff --git a/crds/compute_v1beta1_computebackendbucket.yaml b/crds/compute_v1beta1_computebackendbucket.yaml index 52c5778e82..5397f6a154 100644 --- a/crds/compute_v1beta1_computebackendbucket.yaml +++ b/crds/compute_v1beta1_computebackendbucket.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computebackendservice.yaml b/crds/compute_v1beta1_computebackendservice.yaml index 1acc86004b..eed8e146f5 100644 --- a/crds/compute_v1beta1_computebackendservice.yaml +++ b/crds/compute_v1beta1_computebackendservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computedisk.yaml b/crds/compute_v1beta1_computedisk.yaml index 7370ee365d..32427a8b53 100644 --- a/crds/compute_v1beta1_computedisk.yaml +++ b/crds/compute_v1beta1_computedisk.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -196,6 +196,48 @@ spec: type: object type: object type: object + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied diff --git a/crds/compute_v1beta1_computeexternalvpngateway.yaml b/crds/compute_v1beta1_computeexternalvpngateway.yaml index ea8ad82813..fb67b1dc4d 100644 --- a/crds/compute_v1beta1_computeexternalvpngateway.yaml +++ b/crds/compute_v1beta1_computeexternalvpngateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computefirewall.yaml b/crds/compute_v1beta1_computefirewall.yaml index e05ded3210..ae5952d397 100644 --- a/crds/compute_v1beta1_computefirewall.yaml +++ b/crds/compute_v1beta1_computefirewall.yaml 
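Review bot: In the ComputeDisk hunk (`@@ -196,6 +196,48 @@`), `rsaEncryptedKey.value` allows the wrapped customer-supplied key to be written inline in the spec, where it is visible to anyone who can read the object or the repository holding the manifest; the description should point users to `valueFrom.secretKeyRef` instead. Suggested text for `value`: `Value of the field. Prefer 'valueFrom' so the key is kept in a Secret. Cannot be used if 'valueFrom' is specified.` In the same block `valueFrom` carries no `required` list, so `valueFrom: {}` satisfies the `oneOf` without naming a Secret; `required: [secretKeyRef]` under `valueFrom` would close that. The encryption-key object that holds this field starts outside the hunk, and if the file is generated the change belongs in the generator.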
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computefirewallpolicy.yaml b/crds/compute_v1beta1_computefirewallpolicy.yaml index 21e756029c..c0af11ee84 100644 --- a/crds/compute_v1beta1_computefirewallpolicy.yaml +++ b/crds/compute_v1beta1_computefirewallpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computefirewallpolicyassociation.yaml b/crds/compute_v1beta1_computefirewallpolicyassociation.yaml index 4d16f58ac9..c0de6ef50f 100644 --- a/crds/compute_v1beta1_computefirewallpolicyassociation.yaml +++ b/crds/compute_v1beta1_computefirewallpolicyassociation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computefirewallpolicyrule.yaml b/crds/compute_v1beta1_computefirewallpolicyrule.yaml index f3682e6896..ff4a921421 100644 --- a/crds/compute_v1beta1_computefirewallpolicyrule.yaml +++ b/crds/compute_v1beta1_computefirewallpolicyrule.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/compute_v1beta1_computeforwardingrule.yaml b/crds/compute_v1beta1_computeforwardingrule.yaml index 52c844f5e6..12dc84ddb7 100644 --- a/crds/compute_v1beta1_computeforwardingrule.yaml +++ b/crds/compute_v1beta1_computeforwardingrule.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehealthcheck.yaml b/crds/compute_v1beta1_computehealthcheck.yaml index cf7bf2da2e..d17c15e3df 100644 --- a/crds/compute_v1beta1_computehealthcheck.yaml +++ b/crds/compute_v1beta1_computehealthcheck.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehttphealthcheck.yaml b/crds/compute_v1beta1_computehttphealthcheck.yaml index 91e304f5a7..786f142c98 100644 --- a/crds/compute_v1beta1_computehttphealthcheck.yaml +++ b/crds/compute_v1beta1_computehttphealthcheck.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehttpshealthcheck.yaml b/crds/compute_v1beta1_computehttpshealthcheck.yaml index 5aa13c2c9d..6f16408143 100644 --- a/crds/compute_v1beta1_computehttpshealthcheck.yaml +++ b/crds/compute_v1beta1_computehttpshealthcheck.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeimage.yaml b/crds/compute_v1beta1_computeimage.yaml index 0c28a2877d..00a03c56cd 100644 --- a/crds/compute_v1beta1_computeimage.yaml +++ b/crds/compute_v1beta1_computeimage.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeinstance.yaml b/crds/compute_v1beta1_computeinstance.yaml index 0e2db59a28..92aa109341 100644 --- a/crds/compute_v1beta1_computeinstance.yaml +++ b/crds/compute_v1beta1_computeinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -783,6 +783,10 @@ spec: description: Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. diff --git a/crds/compute_v1beta1_computeinstancegroup.yaml b/crds/compute_v1beta1_computeinstancegroup.yaml index 9401b7df9f..5ce9e484dd 100644 --- a/crds/compute_v1beta1_computeinstancegroup.yaml +++ b/crds/compute_v1beta1_computeinstancegroup.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeinstancegroupmanager.yaml b/crds/compute_v1beta1_computeinstancegroupmanager.yaml index 85d1e878d1..bef2d4a83a 100644 --- a/crds/compute_v1beta1_computeinstancegroupmanager.yaml +++ b/crds/compute_v1beta1_computeinstancegroupmanager.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeinstancetemplate.yaml b/crds/compute_v1beta1_computeinstancetemplate.yaml index b856a86f88..4ce1c7eb6b 100644 --- a/crds/compute_v1beta1_computeinstancetemplate.yaml +++ b/crds/compute_v1beta1_computeinstancetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -812,6 +812,10 @@ spec: description: Immutable. Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. diff --git a/crds/compute_v1beta1_computeinterconnectattachment.yaml b/crds/compute_v1beta1_computeinterconnectattachment.yaml index d1b8c66763..203353465c 100644 --- a/crds/compute_v1beta1_computeinterconnectattachment.yaml +++ b/crds/compute_v1beta1_computeinterconnectattachment.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -111,19 +111,18 @@ spec: encryption: description: |- Immutable. Indicates the user-supplied encryption option of this interconnect - attachment: + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. - NONE is the default value, which means that the attachment carries - unencrypted traffic. VMs can send traffic to, or receive traffic - from, this type of attachment. + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. - IPSEC indicates that the attachment carries only traffic encrypted by - an IPsec device such as an HA VPN gateway. VMs cannot directly send - traffic to, or receive traffic from, such an attachment. To use - IPsec-encrypted Cloud Interconnect create the attachment using this - option. - - Not currently available publicly. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. type: string interconnect: description: |- diff --git a/crds/compute_v1beta1_computenetwork.yaml b/crds/compute_v1beta1_computenetwork.yaml index b2a586d694..448bc6183b 100644 --- a/crds/compute_v1beta1_computenetwork.yaml +++ b/crds/compute_v1beta1_computenetwork.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenetworkendpointgroup.yaml b/crds/compute_v1beta1_computenetworkendpointgroup.yaml index 1fa958e703..6cfff85486 100644 --- a/crds/compute_v1beta1_computenetworkendpointgroup.yaml +++ b/crds/compute_v1beta1_computenetworkendpointgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenetworkpeering.yaml b/crds/compute_v1beta1_computenetworkpeering.yaml index cea4356e8c..3ce599938a 100644 --- a/crds/compute_v1beta1_computenetworkpeering.yaml +++ b/crds/compute_v1beta1_computenetworkpeering.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenodegroup.yaml b/crds/compute_v1beta1_computenodegroup.yaml index 39cea5e17c..248529df73 100644 --- a/crds/compute_v1beta1_computenodegroup.yaml +++ b/crds/compute_v1beta1_computenodegroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenodetemplate.yaml b/crds/compute_v1beta1_computenodetemplate.yaml index 4fac943201..eb526095b8 100644 
--- a/crds/compute_v1beta1_computenodetemplate.yaml +++ b/crds/compute_v1beta1_computenodetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computepacketmirroring.yaml b/crds/compute_v1beta1_computepacketmirroring.yaml index 77df705dcd..fb5e33758b 100644 --- a/crds/compute_v1beta1_computepacketmirroring.yaml +++ b/crds/compute_v1beta1_computepacketmirroring.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeprojectmetadata.yaml b/crds/compute_v1beta1_computeprojectmetadata.yaml index 1137558e9f..cd9fb6cd44 100644 --- a/crds/compute_v1beta1_computeprojectmetadata.yaml +++ b/crds/compute_v1beta1_computeprojectmetadata.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml b/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml index 62031f1784..08d83aa2ed 100644 --- a/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml +++ b/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computereservation.yaml b/crds/compute_v1beta1_computereservation.yaml index 0ecd6fad61..4dc4ed0333 100644 --- a/crds/compute_v1beta1_computereservation.yaml +++ b/crds/compute_v1beta1_computereservation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeresourcepolicy.yaml b/crds/compute_v1beta1_computeresourcepolicy.yaml index 402fd21b3b..d080941f6b 100644 --- a/crds/compute_v1beta1_computeresourcepolicy.yaml +++ b/crds/compute_v1beta1_computeresourcepolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -91,6 +91,9 @@ spec: with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]. type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer vmCount: description: |- Immutable. Number of VMs in this placement group. Google does not recommend that you use this field diff --git a/crds/compute_v1beta1_computeroute.yaml b/crds/compute_v1beta1_computeroute.yaml index 5d4bae9ffb..87497edb6e 100644 --- a/crds/compute_v1beta1_computeroute.yaml +++ b/crds/compute_v1beta1_computeroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computerouter.yaml b/crds/compute_v1beta1_computerouter.yaml index 36aa0801f4..89341fd833 100644 --- a/crds/compute_v1beta1_computerouter.yaml +++ b/crds/compute_v1beta1_computerouter.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -121,11 +121,16 @@ spec: type: integer keepaliveInterval: description: |- - The interval in seconds between BGP keepalive messages that are sent to the peer. - Hold time is three times the interval at which keepalive messages are sent, and the hold time is the - maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. - BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for - the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. type: integer required: - asn 
@@ -135,10 +140,8 @@ spec: type: string encryptedInterconnectRouter: description: |- - Immutable. Field to indicate if a router is dedicated to use with encrypted - Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). - - Not currently available publicly. + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). type: boolean networkRef: description: A reference to the network to which this router belongs. diff --git a/crds/compute_v1beta1_computerouterinterface.yaml b/crds/compute_v1beta1_computerouterinterface.yaml index 9049659e4a..209ff0ceb1 100644 --- a/crds/compute_v1beta1_computerouterinterface.yaml +++ b/crds/compute_v1beta1_computerouterinterface.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computerouternat.yaml b/crds/compute_v1beta1_computerouternat.yaml index 3f15d939af..f06acdc2f4 100644 --- a/crds/compute_v1beta1_computerouternat.yaml +++ b/crds/compute_v1beta1_computerouternat.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computerouterpeer.yaml b/crds/compute_v1beta1_computerouterpeer.yaml index f6a5230500..01d9fc7296 100644 --- a/crds/compute_v1beta1_computerouterpeer.yaml +++ b/crds/compute_v1beta1_computerouterpeer.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesecuritypolicy.yaml b/crds/compute_v1beta1_computesecuritypolicy.yaml index 8879f503af..16d7d101b3 100644 --- a/crds/compute_v1beta1_computesecuritypolicy.yaml +++ b/crds/compute_v1beta1_computesecuritypolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -471,6 +471,24 @@ spec: description: Determines the key to enforce the rateLimitThreshold on. type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header diff --git a/crds/compute_v1beta1_computeserviceattachment.yaml b/crds/compute_v1beta1_computeserviceattachment.yaml index a6936b32dd..457798d0a6 100644 --- a/crds/compute_v1beta1_computeserviceattachment.yaml +++ b/crds/compute_v1beta1_computeserviceattachment.yaml 
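Review bot: In the added `enforceOnKeyConfigs` items, `enforceOnKeyType` is described without any accepted values, while the sibling `enforceOnKeyName` text mentions only HTTP_HEADER and HTTP_COOKIE, so the schema does not tell a reader which key types a rate-limit rule may use. The description also says `rate_limit_threshold` where the existing `enforceOnKey` field just above it says `rateLimitThreshold`. I would align the wording, e.g. `description: Determines the key to enforce the rateLimitThreshold on.`, follow it with the list of accepted key types, and state how `enforceOnKeyConfigs` interacts with the existing `enforceOnKey`/`enforceOnKeyName` pair, which the hunk leaves unsaid. The file looks generated, so the change probably belongs in the upstream schema source; the enclosing mapping starts outside the hunk.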
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computesharedvpchostproject.yaml b/crds/compute_v1beta1_computesharedvpchostproject.yaml index 72bae0a268..a50c4f1eb3 100644 --- a/crds/compute_v1beta1_computesharedvpchostproject.yaml +++ b/crds/compute_v1beta1_computesharedvpchostproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesharedvpcserviceproject.yaml b/crds/compute_v1beta1_computesharedvpcserviceproject.yaml index 5875e7b4f0..b7be75ea6d 100644 --- a/crds/compute_v1beta1_computesharedvpcserviceproject.yaml +++ b/crds/compute_v1beta1_computesharedvpcserviceproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71,6 +71,11 @@ spec: type: object spec: properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string projectRef: oneOf: - not: diff --git a/crds/compute_v1beta1_computesnapshot.yaml b/crds/compute_v1beta1_computesnapshot.yaml index 696ca1606b..b306887216 100644 --- a/crds/compute_v1beta1_computesnapshot.yaml +++ b/crds/compute_v1beta1_computesnapshot.yaml 
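Review bot: The `deletionPolicy` description added in `crds/compute_v1beta1_computesharedvpcserviceproject.yaml` carries a literal `\n\t\t\t\t` in the middle of a sentence, which looks like source indentation leaking into the text and will render as a line break plus tabs in `kubectl explain` output. Suggested text: `description: 'The deletion policy for the shared VPC service. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: "ABANDON".'` Since ABANDON presumably leaves the service project attached to the host project after the Kubernetes object is removed, it would help to state that outcome explicitly so operators know the attachment outlives the object. The file appears to be generated, so the fix likely belongs upstream.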
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesslcertificate.yaml b/crds/compute_v1beta1_computesslcertificate.yaml index 738c8a858b..2b757ed369 100644 --- a/crds/compute_v1beta1_computesslcertificate.yaml +++ b/crds/compute_v1beta1_computesslcertificate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesslpolicy.yaml b/crds/compute_v1beta1_computesslpolicy.yaml index 2cf937b978..105ff65b89 100644 --- a/crds/compute_v1beta1_computesslpolicy.yaml +++ b/crds/compute_v1beta1_computesslpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesubnetwork.yaml b/crds/compute_v1beta1_computesubnetwork.yaml index f481f3a8d8..d376c1a8cd 100644 --- a/crds/compute_v1beta1_computesubnetwork.yaml +++ b/crds/compute_v1beta1_computesubnetwork.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetgrpcproxy.yaml b/crds/compute_v1beta1_computetargetgrpcproxy.yaml index 15c38428d7..bbbdeddccc 100644 
--- a/crds/compute_v1beta1_computetargetgrpcproxy.yaml +++ b/crds/compute_v1beta1_computetargetgrpcproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargethttpproxy.yaml b/crds/compute_v1beta1_computetargethttpproxy.yaml index bfd1dac49f..3fe737ea1b 100644 --- a/crds/compute_v1beta1_computetargethttpproxy.yaml +++ b/crds/compute_v1beta1_computetargethttpproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargethttpsproxy.yaml b/crds/compute_v1beta1_computetargethttpsproxy.yaml index 184678b318..ea43191f3f 100644 --- a/crds/compute_v1beta1_computetargethttpsproxy.yaml +++ b/crds/compute_v1beta1_computetargethttpsproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetinstance.yaml b/crds/compute_v1beta1_computetargetinstance.yaml index 3040f0e22b..1ec79776ed 100644 --- a/crds/compute_v1beta1_computetargetinstance.yaml +++ b/crds/compute_v1beta1_computetargetinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computetargetpool.yaml b/crds/compute_v1beta1_computetargetpool.yaml index 463b576b63..5cfcea9de7 100644 --- a/crds/compute_v1beta1_computetargetpool.yaml +++ b/crds/compute_v1beta1_computetargetpool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetsslproxy.yaml b/crds/compute_v1beta1_computetargetsslproxy.yaml index feeb31c0fe..16ede4120c 100644 --- a/crds/compute_v1beta1_computetargetsslproxy.yaml +++ b/crds/compute_v1beta1_computetargetsslproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargettcpproxy.yaml b/crds/compute_v1beta1_computetargettcpproxy.yaml index 2e927012ef..81a088b59a 100644 --- a/crds/compute_v1beta1_computetargettcpproxy.yaml +++ b/crds/compute_v1beta1_computetargettcpproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetvpngateway.yaml b/crds/compute_v1beta1_computetargetvpngateway.yaml index a883189466..a640e42205 100644 --- a/crds/compute_v1beta1_computetargetvpngateway.yaml +++ b/crds/compute_v1beta1_computetargetvpngateway.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeurlmap.yaml b/crds/compute_v1beta1_computeurlmap.yaml index 49ad1c4fa4..1a4bb6de2d 100644 --- a/crds/compute_v1beta1_computeurlmap.yaml +++ b/crds/compute_v1beta1_computeurlmap.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computevpngateway.yaml b/crds/compute_v1beta1_computevpngateway.yaml index f4572f44a4..75a91bc54d 100644 --- a/crds/compute_v1beta1_computevpngateway.yaml +++ b/crds/compute_v1beta1_computevpngateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computevpntunnel.yaml b/crds/compute_v1beta1_computevpntunnel.yaml index 78e2cd4587..9864645c37 100644 --- a/crds/compute_v1beta1_computevpntunnel.yaml +++ b/crds/compute_v1beta1_computevpntunnel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/configcontroller_v1beta1_configcontrollerinstance.yaml b/crds/configcontroller_v1beta1_configcontrollerinstance.yaml index e3af5e1927..fde82b54bf 100644 
--- a/crds/configcontroller_v1beta1_configcontrollerinstance.yaml +++ b/crds/configcontroller_v1beta1_configcontrollerinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/container_v1beta1_containercluster.yaml b/crds/container_v1beta1_containercluster.yaml index 23cdaccd67..45eefbd299 100644 --- a/crds/container_v1beta1_containercluster.yaml +++ b/crds/container_v1beta1_containercluster.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1025,6 +1025,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object 
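Review bot: `podPidsLimit` is added as a bare `type: integer` with no range in the schema or the description, and the enclosing object still lists only `cpuManagerPolicy` under `required`, so a manifest that wants just a PID cap must also set a CPU manager policy. Neither constraint is visible to someone reading `kubectl explain`, and the GKE API is understood to accept only a bounded range (confirm against its documentation). I would extend the description, e.g. `description: Controls the maximum number of processes allowed to run in a pod. Requires cpuManagerPolicy to be set; see the GKE documentation for the accepted range.` The same applies to the identical `podPidsLimit` hunk in `crds/container_v1beta1_containernodepool.yaml`. The enclosing mapping starts outside the hunk.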
@@ -1436,6 +1440,26 @@ spec: By default, no private IPv6 access to or from Google Services (all access will be via IPv4). type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object releaseChannel: description: Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. diff --git a/crds/container_v1beta1_containernodepool.yaml b/crds/container_v1beta1_containernodepool.yaml index 5f7aa78b7c..3964895fd6 100644 --- a/crds/container_v1beta1_containernodepool.yaml +++ b/crds/container_v1beta1_containernodepool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -307,6 +307,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object diff --git a/crds/containeranalysis_v1beta1_containeranalysisnote.yaml b/crds/containeranalysis_v1beta1_containeranalysisnote.yaml index fb03953b92..f20f01a298 100644 --- a/crds/containeranalysis_v1beta1_containeranalysisnote.yaml 
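Review bot: The description on the new `protectConfig` block reads "The notification config for sending cluster upgrade notifications.", which does not match its properties (`workloadConfig.auditMode` and `workloadVulnerabilityMode`) and looks copied from a notification field. Because this block controls workload configuration auditing and vulnerability scanning, a misleading description makes it easy to overlook when reviewing a cluster's security settings. Suggested: `description: Workload protection settings for the cluster (workload configuration auditing and vulnerability scanning).` The property descriptions also list MODE_UNSPECIFIED and DISABLED without saying which applies when the field is omitted; that would be worth stating if the upstream API documents it. The file appears generated, so the fix likely belongs in the schema source.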
+++ b/crds/containeranalysis_v1beta1_containeranalysisnote.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml b/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml index 24572db9c1..a50d085909 100644 --- a/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml +++ b/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml b/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml index 1c380bf4af..625985c793 100644 --- a/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml +++ b/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml b/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml index fe016086cc..bb48bc6d3b 100644 --- a/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml +++ b/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/dataflow_v1beta1_dataflowjob.yaml b/crds/dataflow_v1beta1_dataflowjob.yaml index 672d202b1f..3a7be0fc8c 100644 --- a/crds/dataflow_v1beta1_dataflowjob.yaml +++ b/crds/dataflow_v1beta1_dataflowjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/datafusion_v1beta1_datafusioninstance.yaml b/crds/datafusion_v1beta1_datafusioninstance.yaml index fc40100fb0..c111f96375 100644 --- a/crds/datafusion_v1beta1_datafusioninstance.yaml +++ b/crds/datafusion_v1beta1_datafusioninstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml b/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml index 32e45a94f1..c8fec0b2f8 100644 --- a/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml +++ b/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataproccluster.yaml b/crds/dataproc_v1beta1_dataproccluster.yaml index 228620b536..1a457c5279 100644 --- a/crds/dataproc_v1beta1_dataproccluster.yaml +++ b/crds/dataproc_v1beta1_dataproccluster.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml b/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml index 5ddae2d85b..95b5f8a071 100644 --- a/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml +++ b/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml b/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml index cb1887fbad..dd760f83b5 100644 --- a/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml +++ b/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpinspecttemplate.yaml b/crds/dlp_v1beta1_dlpinspecttemplate.yaml index c3b095c7dd..6b24dfbec4 100644 --- a/crds/dlp_v1beta1_dlpinspecttemplate.yaml +++ b/crds/dlp_v1beta1_dlpinspecttemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpjobtrigger.yaml b/crds/dlp_v1beta1_dlpjobtrigger.yaml index efc088b999..638323d8de 100644 --- a/crds/dlp_v1beta1_dlpjobtrigger.yaml +++ b/crds/dlp_v1beta1_dlpjobtrigger.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpstoredinfotype.yaml b/crds/dlp_v1beta1_dlpstoredinfotype.yaml index ec2cfcd30b..2992e5c18b 100644 --- a/crds/dlp_v1beta1_dlpstoredinfotype.yaml +++ b/crds/dlp_v1beta1_dlpstoredinfotype.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dns_v1beta1_dnsmanagedzone.yaml b/crds/dns_v1beta1_dnsmanagedzone.yaml index 9925a06d54..ff34cfc58f 100644 --- a/crds/dns_v1beta1_dnsmanagedzone.yaml +++ b/crds/dns_v1beta1_dnsmanagedzone.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dns_v1beta1_dnspolicy.yaml b/crds/dns_v1beta1_dnspolicy.yaml index f419386801..13a0d5d668 100644 --- a/crds/dns_v1beta1_dnspolicy.yaml +++ b/crds/dns_v1beta1_dnspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dns_v1beta1_dnsrecordset.yaml b/crds/dns_v1beta1_dnsrecordset.yaml index 28b0fc6602..5b66ab20d9 100644 --- a/crds/dns_v1beta1_dnsrecordset.yaml +++ b/crds/dns_v1beta1_dnsrecordset.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/eventarc_v1beta1_eventarctrigger.yaml b/crds/eventarc_v1beta1_eventarctrigger.yaml index 3f0c42aef7..c81a80cb76 100644 --- a/crds/eventarc_v1beta1_eventarctrigger.yaml +++ b/crds/eventarc_v1beta1_eventarctrigger.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/filestore_v1beta1_filestorebackup.yaml b/crds/filestore_v1beta1_filestorebackup.yaml index 00c6076d75..157fb678c4 100644 --- a/crds/filestore_v1beta1_filestorebackup.yaml +++ b/crds/filestore_v1beta1_filestorebackup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/filestore_v1beta1_filestoreinstance.yaml b/crds/filestore_v1beta1_filestoreinstance.yaml index 6323177b22..a72738d127 100644 --- a/crds/filestore_v1beta1_filestoreinstance.yaml +++ b/crds/filestore_v1beta1_filestoreinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/firestore_v1beta1_firestoreindex.yaml b/crds/firestore_v1beta1_firestoreindex.yaml index 9b8e5f1957..3d64d196fb 100644 --- a/crds/firestore_v1beta1_firestoreindex.yaml 
+++ b/crds/firestore_v1beta1_firestoreindex.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/gkehub_v1beta1_gkehubfeature.yaml b/crds/gkehub_v1beta1_gkehubfeature.yaml index a325bcb6b0..c98a63e99d 100644 --- a/crds/gkehub_v1beta1_gkehubfeature.yaml +++ b/crds/gkehub_v1beta1_gkehubfeature.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml b/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml index aae54fc8aa..da04e996ff 100644 --- a/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml +++ b/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -348,8 +348,8 @@ spec: description: Manage Mesh Features properties: controlPlane: - description: 'Whether to automatically manage Service Mesh control - planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: diff --git a/crds/gkehub_v1beta1_gkehubmembership.yaml b/crds/gkehub_v1beta1_gkehubmembership.yaml index 7caf0cf446..6237f76138 100644 --- a/crds/gkehub_v1beta1_gkehubmembership.yaml +++ b/crds/gkehub_v1beta1_gkehubmembership.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamaccessboundarypolicy.yaml b/crds/iam_v1beta1_iamaccessboundarypolicy.yaml new file mode 100644 index 0000000000..2c89382da0 --- /dev/null +++ b/crds/iam_v1beta1_iamaccessboundarypolicy.yaml 
@@ -0,0 +1,213 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. 
This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/iam_v1beta1_iamauditconfig.yaml b/crds/iam_v1beta1_iamauditconfig.yaml index 6efdbfdffe..7ea09cf814 100644 --- a/crds/iam_v1beta1_iamauditconfig.yaml +++ b/crds/iam_v1beta1_iamauditconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamcustomrole.yaml b/crds/iam_v1beta1_iamcustomrole.yaml index c3d884a1fe..cb344e5b92 100644 --- a/crds/iam_v1beta1_iamcustomrole.yaml +++ b/crds/iam_v1beta1_iamcustomrole.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iampartialpolicy.yaml b/crds/iam_v1beta1_iampartialpolicy.yaml index 1d66941e0a..cb6b33a2df 100644 --- a/crds/iam_v1beta1_iampartialpolicy.yaml +++ b/crds/iam_v1beta1_iampartialpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
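Review bot: In the new `iamaccessboundarypolicies` CRD, `spec.rules` is listed under `required` but its schema has no `minItems`, and neither the rule item nor `accessBoundaryRule` carries a `required` list, so `rules: []` or a rule of `{}` passes schema validation; the only required leaf is `availabilityCondition.expression`. For a resource that constrains IAM access, a manifest that validates while expressing no boundary is easy to miss in review, and whether the backing API rejects it at reconcile time is not visible in this diff. If the API does need at least one populated rule, `minItems: 1` on `rules` would surface the error at admission instead. Separately, the `displayName` description reads `The display name of the rule.` although the field sits on the policy spec beside `rules`, so `The display name of the policy.` looks like the intended wording. The `cnrm.cloud.google.com/tf2crd` label suggests this file is generated, so both changes presumably belong in the generator input rather than in this YAML.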
diff --git a/crds/iam_v1beta1_iampolicy.yaml b/crds/iam_v1beta1_iampolicy.yaml index 775be7bcd7..7582f15c94 100644 --- a/crds/iam_v1beta1_iampolicy.yaml +++ b/crds/iam_v1beta1_iampolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iampolicymember.yaml b/crds/iam_v1beta1_iampolicymember.yaml index e458384b21..9fdc270f53 100644 --- a/crds/iam_v1beta1_iampolicymember.yaml +++ b/crds/iam_v1beta1_iampolicymember.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamserviceaccount.yaml b/crds/iam_v1beta1_iamserviceaccount.yaml index c9f8cb1a56..6fbdcf733e 100644 --- a/crds/iam_v1beta1_iamserviceaccount.yaml +++ b/crds/iam_v1beta1_iamserviceaccount.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamserviceaccountkey.yaml b/crds/iam_v1beta1_iamserviceaccountkey.yaml index f4b1c84385..aed7e4656e 100644 --- a/crds/iam_v1beta1_iamserviceaccountkey.yaml +++ b/crds/iam_v1beta1_iamserviceaccountkey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/iam_v1beta1_iamworkforcepool.yaml b/crds/iam_v1beta1_iamworkforcepool.yaml index 16f974c4a1..dc6c022c95 100644 --- a/crds/iam_v1beta1_iamworkforcepool.yaml +++ b/crds/iam_v1beta1_iamworkforcepool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkforcepoolprovider.yaml b/crds/iam_v1beta1_iamworkforcepoolprovider.yaml index 0cc0f35383..0e69fccbbb 100644 --- a/crds/iam_v1beta1_iamworkforcepoolprovider.yaml +++ b/crds/iam_v1beta1_iamworkforcepoolprovider.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkloadidentitypool.yaml b/crds/iam_v1beta1_iamworkloadidentitypool.yaml index 798acd16c3..e56e93605f 100644 --- a/crds/iam_v1beta1_iamworkloadidentitypool.yaml +++ b/crds/iam_v1beta1_iamworkloadidentitypool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml b/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml index 648b48e0ad..8770e0bdb0 100644 --- a/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml +++ b/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iap_v1beta1_iapbrand.yaml b/crds/iap_v1beta1_iapbrand.yaml index f2ee01ddcf..6cb9cf0e21 100644 --- a/crds/iap_v1beta1_iapbrand.yaml +++ b/crds/iap_v1beta1_iapbrand.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iap_v1beta1_iapidentityawareproxyclient.yaml b/crds/iap_v1beta1_iapidentityawareproxyclient.yaml index bc569a62e5..33223eccdd 100644 --- a/crds/iap_v1beta1_iapidentityawareproxyclient.yaml +++ b/crds/iap_v1beta1_iapidentityawareproxyclient.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformconfig.yaml b/crds/identityplatform_v1beta1_identityplatformconfig.yaml index 96f19b1b93..38f1de95bf 100644 --- a/crds/identityplatform_v1beta1_identityplatformconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml b/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml index 7dfa5952c0..b333f3f3da 100644 
--- a/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformtenant.yaml b/crds/identityplatform_v1beta1_identityplatformtenant.yaml index c23903f879..93b07cc231 100644 --- a/crds/identityplatform_v1beta1_identityplatformtenant.yaml +++ b/crds/identityplatform_v1beta1_identityplatformtenant.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml b/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml index 1e517711ad..9ee3dcc566 100644 --- a/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/kms_v1beta1_kmscryptokey.yaml b/crds/kms_v1beta1_kmscryptokey.yaml index 680d137f4e..e185e92f6b 100644 --- a/crds/kms_v1beta1_kmscryptokey.yaml +++ b/crds/kms_v1beta1_kmscryptokey.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/kms_v1beta1_kmskeyring.yaml b/crds/kms_v1beta1_kmskeyring.yaml index a745455657..bd223ba245 100644 --- a/crds/kms_v1beta1_kmskeyring.yaml +++ b/crds/kms_v1beta1_kmskeyring.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/logging_v1beta1_logginglogbucket.yaml b/crds/logging_v1beta1_logginglogbucket.yaml index 7929ea9457..3678f05726 100644 --- a/crds/logging_v1beta1_logginglogbucket.yaml +++ b/crds/logging_v1beta1_logginglogbucket.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogexclusion.yaml b/crds/logging_v1beta1_logginglogexclusion.yaml index 0f69f10a8c..f438e0c604 100644 --- a/crds/logging_v1beta1_logginglogexclusion.yaml +++ b/crds/logging_v1beta1_logginglogexclusion.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogmetric.yaml b/crds/logging_v1beta1_logginglogmetric.yaml index 3335bd7ffe..c8855d278d 100644 --- a/crds/logging_v1beta1_logginglogmetric.yaml +++ b/crds/logging_v1beta1_logginglogmetric.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogsink.yaml b/crds/logging_v1beta1_logginglogsink.yaml index 71b484d437..96a3f6e627 100644 --- a/crds/logging_v1beta1_logginglogsink.yaml +++ b/crds/logging_v1beta1_logginglogsink.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/logging_v1beta1_logginglogview.yaml b/crds/logging_v1beta1_logginglogview.yaml index 0a6bab693c..b36f1b4211 100644 --- a/crds/logging_v1beta1_logginglogview.yaml +++ b/crds/logging_v1beta1_logginglogview.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/memcache_v1beta1_memcacheinstance.yaml b/crds/memcache_v1beta1_memcacheinstance.yaml index d6f932193b..eb75469fb6 100644 --- a/crds/memcache_v1beta1_memcacheinstance.yaml +++ b/crds/memcache_v1beta1_memcacheinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/monitoring_v1beta1_monitoringalertpolicy.yaml b/crds/monitoring_v1beta1_monitoringalertpolicy.yaml index 01f83e6184..938f0c8032 100644 --- a/crds/monitoring_v1beta1_monitoringalertpolicy.yaml 
+++ b/crds/monitoring_v1beta1_monitoringalertpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/monitoring_v1beta1_monitoringdashboard.yaml b/crds/monitoring_v1beta1_monitoringdashboard.yaml index c01667c7bb..9fe4feb692 100644 --- a/crds/monitoring_v1beta1_monitoringdashboard.yaml +++ b/crds/monitoring_v1beta1_monitoringdashboard.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringgroup.yaml b/crds/monitoring_v1beta1_monitoringgroup.yaml index 11eb46b0ac..8f40063008 100644 --- a/crds/monitoring_v1beta1_monitoringgroup.yaml +++ b/crds/monitoring_v1beta1_monitoringgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml b/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml index 537fba45db..d754a7e023 100644 --- a/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml +++ b/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml b/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml index ab74917dc8..4e013edfb7 100644 --- a/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml +++ b/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml b/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml index 02fbe2a376..8898eaa4c6 100644 --- a/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml +++ b/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/monitoring_v1beta1_monitoringservice.yaml b/crds/monitoring_v1beta1_monitoringservice.yaml index deae394668..b04f56985c 100644 --- a/crds/monitoring_v1beta1_monitoringservice.yaml +++ b/crds/monitoring_v1beta1_monitoringservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml b/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml index 6b17f4f856..d27d6408c3 100644 --- a/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml +++ b/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml b/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml index 82311231d1..f3e2bb668e 100644 --- a/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml +++ b/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml b/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml index 84c7a71e4c..9d50e95849 100644 --- a/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml +++ b/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml b/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml index 3cf24b8409..03ec005173 100644 --- a/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml +++ b/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml b/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml index 7754693f1b..3565ef2f2f 100644 --- a/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml b/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml index 444d4f04cf..ec89c5994d 100644 --- a/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml b/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml index bc9845faa6..95de9e86bb 100644 --- a/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml b/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml index 704e6d3282..93f35b9efa 100644 
--- a/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml +++ b/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesgateway.yaml b/crds/networkservices_v1beta1_networkservicesgateway.yaml index a413ab3270..0dfacf8836 100644 --- a/crds/networkservices_v1beta1_networkservicesgateway.yaml +++ b/crds/networkservices_v1beta1_networkservicesgateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml b/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml index b0e0eb2eaf..49cee89bc9 100644 --- a/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml +++ b/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkserviceshttproute.yaml b/crds/networkservices_v1beta1_networkserviceshttproute.yaml index 768d05715d..1812a39809 100644 --- a/crds/networkservices_v1beta1_networkserviceshttproute.yaml +++ b/crds/networkservices_v1beta1_networkserviceshttproute.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesmesh.yaml b/crds/networkservices_v1beta1_networkservicesmesh.yaml index 6079dcd311..2beeb2a729 100644 --- a/crds/networkservices_v1beta1_networkservicesmesh.yaml +++ b/crds/networkservices_v1beta1_networkservicesmesh.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicestcproute.yaml b/crds/networkservices_v1beta1_networkservicestcproute.yaml index d38c890150..13094a95cc 100644 --- a/crds/networkservices_v1beta1_networkservicestcproute.yaml +++ b/crds/networkservices_v1beta1_networkservicestcproute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicestlsroute.yaml b/crds/networkservices_v1beta1_networkservicestlsroute.yaml index 4afc140e7c..2ac7b7c142 100644 --- a/crds/networkservices_v1beta1_networkservicestlsroute.yaml +++ b/crds/networkservices_v1beta1_networkservicestlsroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/osconfig_v1beta1_osconfigguestpolicy.yaml b/crds/osconfig_v1beta1_osconfigguestpolicy.yaml index 8cbfa01fea..3a1e63f16b 100644 --- a/crds/osconfig_v1beta1_osconfigguestpolicy.yaml +++ b/crds/osconfig_v1beta1_osconfigguestpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml b/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml index de0e2f02c5..5a27525dae 100644 --- a/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml +++ b/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/privateca_v1beta1_privatecacapool.yaml b/crds/privateca_v1beta1_privatecacapool.yaml index d82b9bde4e..23c1532c16 100644 --- a/crds/privateca_v1beta1_privatecacapool.yaml +++ b/crds/privateca_v1beta1_privatecacapool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/privateca_v1beta1_privatecacertificate.yaml b/crds/privateca_v1beta1_privatecacertificate.yaml index bf4c778ca5..5118a89ec2 100644 --- a/crds/privateca_v1beta1_privatecacertificate.yaml +++ b/crds/privateca_v1beta1_privatecacertificate.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/privateca_v1beta1_privatecacertificateauthority.yaml b/crds/privateca_v1beta1_privatecacertificateauthority.yaml index 2e642ad526..ef15e8f4c8 100644 --- a/crds/privateca_v1beta1_privatecacertificateauthority.yaml +++ b/crds/privateca_v1beta1_privatecacertificateauthority.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/privateca_v1beta1_privatecacertificatetemplate.yaml b/crds/privateca_v1beta1_privatecacertificatetemplate.yaml index 2e3062c77f..d9659d02d1 100644 --- a/crds/privateca_v1beta1_privatecacertificatetemplate.yaml +++ b/crds/privateca_v1beta1_privatecacertificatetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/pubsub_v1beta1_pubsubschema.yaml b/crds/pubsub_v1beta1_pubsubschema.yaml index 24915ac03c..c1bf17c878 100644 --- a/crds/pubsub_v1beta1_pubsubschema.yaml +++ b/crds/pubsub_v1beta1_pubsubschema.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/pubsub_v1beta1_pubsubsubscription.yaml b/crds/pubsub_v1beta1_pubsubsubscription.yaml index 7711e5a00f..16437b7bb2 100644 
--- a/crds/pubsub_v1beta1_pubsubsubscription.yaml +++ b/crds/pubsub_v1beta1_pubsubsubscription.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/pubsub_v1beta1_pubsubtopic.yaml b/crds/pubsub_v1beta1_pubsubtopic.yaml index 00127b3cfd..92b28d340c 100644 --- a/crds/pubsub_v1beta1_pubsubtopic.yaml +++ b/crds/pubsub_v1beta1_pubsubtopic.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/pubsublite_v1beta1_pubsublitereservation.yaml b/crds/pubsublite_v1beta1_pubsublitereservation.yaml index 5c4982dad3..1923c2e628 100644 --- a/crds/pubsublite_v1beta1_pubsublitereservation.yaml +++ b/crds/pubsublite_v1beta1_pubsublitereservation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml b/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml index b6e18d876e..7b9723da87 100644 --- a/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml +++ b/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/redis_v1beta1_redisinstance.yaml b/crds/redis_v1beta1_redisinstance.yaml index 7aeceadd9c..24f3acb323 100644 --- a/crds/redis_v1beta1_redisinstance.yaml +++ b/crds/redis_v1beta1_redisinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_folder.yaml b/crds/resourcemanager_v1beta1_folder.yaml index 74e7c213b1..01c0b64762 100644 --- a/crds/resourcemanager_v1beta1_folder.yaml +++ b/crds/resourcemanager_v1beta1_folder.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_project.yaml b/crds/resourcemanager_v1beta1_project.yaml index 882224f340..3863e9663f 100644 --- a/crds/resourcemanager_v1beta1_project.yaml +++ b/crds/resourcemanager_v1beta1_project.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml b/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml index 12ec18865b..dcc0fd0e3e 100644 --- a/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml +++ b/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml b/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml index c5e77eb4a4..ed67526688 100644 --- a/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml +++ b/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/run_v1beta1_runservice.yaml b/crds/run_v1beta1_runservice.yaml index e7abb0e5e4..ecd06b5422 100644 --- a/crds/run_v1beta1_runservice.yaml +++ b/crds/run_v1beta1_runservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/secretmanager_v1beta1_secretmanagersecret.yaml b/crds/secretmanager_v1beta1_secretmanagersecret.yaml index 0e5356e6a0..9b7fcaaf0a 100644 --- a/crds/secretmanager_v1beta1_secretmanagersecret.yaml +++ b/crds/secretmanager_v1beta1_secretmanagersecret.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml b/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml index 0bf063afe8..2d2fed753d 100644 
--- a/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml +++ b/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml b/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml index 6aedaaf787..0d554a41a8 100644 --- a/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml b/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml index 9ac27ec7a9..b5831a5645 100644 --- a/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml b/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml index 67f84accc1..2788494667 100644 --- a/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml b/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml index 5df12d2b5b..0a6e50e82a 100644 --- a/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml +++ b/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/serviceusage_v1beta1_service.yaml b/crds/serviceusage_v1beta1_service.yaml index d5c68b1db4..fe01551416 100644 --- a/crds/serviceusage_v1beta1_service.yaml +++ b/crds/serviceusage_v1beta1_service.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/serviceusage_v1beta1_serviceidentity.yaml b/crds/serviceusage_v1beta1_serviceidentity.yaml index fa63354ed4..fad176e7b5 100644 --- a/crds/serviceusage_v1beta1_serviceidentity.yaml +++ b/crds/serviceusage_v1beta1_serviceidentity.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/sourcerepo_v1beta1_sourcereporepository.yaml b/crds/sourcerepo_v1beta1_sourcereporepository.yaml index db368f3f3a..80fee169e9 100644 --- a/crds/sourcerepo_v1beta1_sourcereporepository.yaml +++ b/crds/sourcerepo_v1beta1_sourcereporepository.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/spanner_v1beta1_spannerdatabase.yaml b/crds/spanner_v1beta1_spannerdatabase.yaml index b0b0cf1761..10204166ae 100644 --- a/crds/spanner_v1beta1_spannerdatabase.yaml +++ b/crds/spanner_v1beta1_spannerdatabase.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/spanner_v1beta1_spannerinstance.yaml b/crds/spanner_v1beta1_spannerinstance.yaml index f38408dd90..eae6456b9a 100644 --- a/crds/spanner_v1beta1_spannerinstance.yaml +++ b/crds/spanner_v1beta1_spannerinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqldatabase.yaml b/crds/sql_v1beta1_sqldatabase.yaml index da8d1fc5f1..c10b07cacc 100644 --- a/crds/sql_v1beta1_sqldatabase.yaml +++ b/crds/sql_v1beta1_sqldatabase.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/sql_v1beta1_sqlinstance.yaml b/crds/sql_v1beta1_sqlinstance.yaml index 39d08fdae7..e89430480e 100644 --- a/crds/sql_v1beta1_sqlinstance.yaml +++ b/crds/sql_v1beta1_sqlinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -107,6 +107,10 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string maintenanceVersion: description: Maintenance version. type: string diff --git a/crds/sql_v1beta1_sqlsslcert.yaml b/crds/sql_v1beta1_sqlsslcert.yaml index 5c809daed1..0dfaf1ef77 100644 --- a/crds/sql_v1beta1_sqlsslcert.yaml +++ b/crds/sql_v1beta1_sqlsslcert.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqluser.yaml b/crds/sql_v1beta1_sqluser.yaml index 0836ad55a7..09d8760ed9 100644 --- a/crds/sql_v1beta1_sqluser.yaml +++ b/crds/sql_v1beta1_sqluser.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagebucket.yaml b/crds/storage_v1beta1_storagebucket.yaml index 1a644fd46e..d016d31685 100644 
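Review bot: The new `instanceType` field in the `@@ -107,6 +107,10 @@` hunk of `crds/sql_v1beta1_sqlinstance.yaml` is declared only as `type: string`, although its description lists exactly four valid values, so the schema does not reject a misspelled value. Presumably such a value is only refused later, when the controller calls the API. If the set is meant to be closed, an `enum` with those four values under the field would move the check to admission. The description text `The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', ...` also has a stray `-` after the colon and should read `The valid values are: 'SQL_INSTANCE_TYPE_UNSPECIFIED', ...`. The enclosing `spec` schema starts and ends outside the hunk, and if this CRD is generated the change belongs in the generator's input.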
--- a/crds/storage_v1beta1_storagebucket.yaml +++ b/crds/storage_v1beta1_storagebucket.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagebucketaccesscontrol.yaml b/crds/storage_v1beta1_storagebucketaccesscontrol.yaml index 159ca079bb..1eca98a255 100644 --- a/crds/storage_v1beta1_storagebucketaccesscontrol.yaml +++ b/crds/storage_v1beta1_storagebucketaccesscontrol.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml b/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml index 856be67fba..aec6d0a1db 100644 --- a/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml +++ b/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagenotification.yaml b/crds/storage_v1beta1_storagenotification.yaml index 0e11726263..4ad2b4e6f4 100644 --- a/crds/storage_v1beta1_storagenotification.yaml +++ b/crds/storage_v1beta1_storagenotification.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/storagetransfer_v1beta1_storagetransferjob.yaml b/crds/storagetransfer_v1beta1_storagetransferjob.yaml index 4724704c34..6b4c333ea8 100644 --- a/crds/storagetransfer_v1beta1_storagetransferjob.yaml +++ b/crds/storagetransfer_v1beta1_storagetransferjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -526,6 +526,16 @@ spec: required: - rootDirectory type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string transferOptions: description: Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink diff --git a/crds/tags_v1beta1_tagstagbinding.yaml b/crds/tags_v1beta1_tagstagbinding.yaml index 1a11e69981..ef3c34b8cc 100644 --- a/crds/tags_v1beta1_tagstagbinding.yaml +++ b/crds/tags_v1beta1_tagstagbinding.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/tags_v1beta1_tagstagkey.yaml b/crds/tags_v1beta1_tagstagkey.yaml index e6ae84721b..bdc7fa217c 100644 --- a/crds/tags_v1beta1_tagstagkey.yaml +++ b/crds/tags_v1beta1_tagstagkey.yaml 
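Review bot: The description added for `sinkAgentPoolName` in the `@@ -526,6 +526,16 @@` hunk of `crds/storagetransfer_v1beta1_storagetransferjob.yaml` is word for word the one given to `sourceAgentPoolName`, so the sink field is documented as belonging to "the posix data source". It should read `Specifies the agent pool name associated with the posix data sink.` so that a user can tell which agent pool handles which side of the transfer. The enclosing schema object starts and ends outside the hunk. If this CRD is generated, the wording has to be corrected in the generator's input rather than in this file.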
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/tags_v1beta1_tagstagvalue.yaml b/crds/tags_v1beta1_tagstagvalue.yaml index 96922b69f8..f4617a49c6 100644 --- a/crds/tags_v1beta1_tagstagvalue.yaml +++ b/crds/tags_v1beta1_tagstagvalue.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml b/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml index 5a8104f9ef..26fb5e6d14 100644 --- a/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml +++ b/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml new file mode 100644 index 0000000000..30fe2a8c7a --- /dev/null +++ b/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml 
@@ -0,0 +1,1900 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - 
'*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch 
+ - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete 
+- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + 
verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - 
list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com 
+ resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - 
watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: 
"true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + 
cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - 
--prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/cnrm-eap/webhook:fc8237b + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: 
cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/secrets/google/key.json + image: gcr.io/cnrm-eap/controller:fc8237b + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/secrets/google + name: gcp-service-account + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: gcp-service-account + secret: + secretName: gcp-key +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + 
template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/cnrm-eap/deletiondefender:fc8237b + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 90 diff --git a/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml b/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml new file mode 100644 index 0000000000..1871feb5e1 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml 
@@ -0,0 +1,80645 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevel + plural: accesscontextmanageraccesslevels + shortNames: + - gcpaccesscontextmanageraccesslevel + - gcpaccesscontextmanageraccesslevels + singular: accesscontextmanageraccesslevel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 
+ schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerAccessLevel lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + basic: + description: A set of predefined conditions for the access level and + a combining function. + properties: + combiningFunction: + description: |- + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. 
If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. + type: string + conditions: + description: A set of requirements for the AccessLevel to be granted. + items: + properties: + devicePolicy: + description: |- + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", + "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", + "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' + type: string + requireVerifiedChromeOs: + description: If you specify DESKTOP_CHROME_OS + for osType, you can optionally include requireVerifiedChromeOs + to require Chrome Verified Access. + type: boolean + required: + - osType + type: object + type: array + requireAdminApproval: + description: Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Whether the device needs to be corp owned. 
+ type: boolean + requireScreenLock: + description: |- + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + items: + description: |- + An allowed list of members (users, service accounts). + Using groups is not supported. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format + `serviceAccount:{{value}}`, where {{value}} + is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + negate: + description: |- + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + items: + description: |- + A list of other access levels defined in the same policy. + Referencing an AccessContextManagerAccessLevel which does not exist + is an error. All access levels listed must be granted for the + condition to be true. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + type: array + required: + - conditions + type: object + custom: + description: "Custom access level conditions are set using the Cloud + Common Expression Language to represent the necessary conditions + for the level to apply to a request. \nSee CEL spec at: https://github.com/google/cel-spec." + properties: + expr: + description: "Represents a textual expression in the Common Expression + Language (CEL) syntax. 
CEL is a C-like expression language.\nThis + page details the objects and attributes that are used to the + build the CEL expressions for \ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec." + properties: + description: + description: Description of the expression. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in + the file. + type: string + title: + description: Title for the expression, i.e. a short string + describing its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object + description: + description: Description of the AccessLevel and its use. Does not + affect behavior. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + title: + description: Human readable title. Must be unique within the Policy. + type: string + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessPolicy + plural: accesscontextmanageraccesspolicies + shortNames: + - gcpaccesscontextmanageraccesspolicy + - gcpaccesscontextmanageraccesspolicies + singular: accesscontextmanageraccesspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + title: + description: Human readable title. Does not affect behavior. + type: string + required: + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + name: + description: 'Resource name of the AccessPolicy. Format: {policy_id}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Immutable. Specifies the type of the Perimeter. There are two types: regular and + bridge. 
Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." 
+ type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. 
+ properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + ingress policy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. 
If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. 
+ items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." 
+ type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." 
+ items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. 
+ Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. 
When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeenvironments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvironment + plural: apigeeenvironments + shortNames: + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apigeeOrganizationRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: + type: string + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - apigeeOrganizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeorganizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeOrganization + plural: apigeeorganizations + shortNames: + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean + type: object + type: object + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string + required: + - analyticsRegion + - projectRef + - runtimeType + type: object + status: + properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. 
Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The user-provided description of the repository. + type: string + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + type: string + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The name of the location this repository is + located in. 
+ type: string + mavenConfig: + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string + type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. 
Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object + resourceID: + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "projects/p1/locations/us-central1/repositories/repo1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasets.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataset + plural: bigquerydatasets + shortNames: + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. 
+ + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. 
+ If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. + Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryJob + plural: bigqueryjobs + shortNames: + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + copy: + description: Immutable. Copies a table. + properties: + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. 
+ WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - sourceTables + type: object + extract: + description: Immutable. Configures an extract job. + properties: + compression: + description: |- + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + type: string + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + type: string + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. + items: + type: string + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. + properties: + allowJaggedRows: + description: |- + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + type: string + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + type: string + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. 
+ type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + items: + type: string + type: array + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). 
If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + items: + type: string + type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - destinationTable + - sourceUris + type: object + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. + properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. 
Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) 
query parameters or to NAMED to use named + (@myparam) query parameters in this query. + type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. Timeout period for each statement + in a script. 
+ type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobType: + description: The type of the job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. 
+ type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. + items: + properties: + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' + type: string + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. 
Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. + type: string + type: object + type: array + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: + description: |- + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + items: + type: string + type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. 
+ type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string + required: + - datasetRef + - definitionBody + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerytables.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryTable + plural: bigquerytables + shortNames: + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: The field description. + type: string + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. + type: string + required: + - kmsKeyRef + type: object + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. + properties: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). + type: boolean + required: + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". + type: string + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". + type: string + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". + properties: + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. 
+ type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. + type: string + fieldDelimiter: + description: The separator for fields in a CSV file. + type: string + quote: + type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote + type: object + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". + properties: + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' + type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer + type: object + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. + properties: + mode: + description: When set, what mode of hive partitioning to use + when reading data. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. 
+ type: string + type: object + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. + Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. 
+ type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. + properties: + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start + type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. 
+ type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. + type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query + type: object + required: + - datasetRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. 
+ type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: + description: Describes the table type. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. 
+ items: + type: string + type: array + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + resourceID: + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: Immutable. The name of the column family. + type: string + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." + type: string + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. 
GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableinstances.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableInstance + plural: bigtableinstances + shortNames: + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. 
If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. + type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. 
+ Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. + type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. + type: string + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com +spec: + group: billingbudgets.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets + shortNames: + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. 
The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string + type: object + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. 
If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The billing account of the resource + + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + budgetFilter: + description: Optional. 
Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. 
+ format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' + items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. + items: + properties: + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. 
Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' + format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. + properties: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. 
The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: + properties: + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. + type: string + comment: + description: Optional. A descriptive comment. This field + may be updated. + type: string + id: + description: The ID of this public key. 
Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. + type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object + type: object + type: array + required: + - noteRef + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time + type: string + userOwnedDrydockNote: + properties: + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies + shortNames: + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. + items: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-namespace admission rules. + K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. 
The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - defaultAdmissionRule + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudBuildTrigger + plural: cloudbuildtriggers + shortNames: + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. \nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. 
For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object + build: + description: Contents of the build template. Either a filename or + build template must be provided. + properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. 
+ properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. + properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array + required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' 
+ type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. 
+ + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. 
Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. 
+ type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. + + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. 
+ If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. 
Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. These are not docker + tags. + items: + type: string + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. + type: boolean + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. 
Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). \nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). 
This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." + type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + type: string + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". 
+ type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. 
+ type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." + properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. 
+ type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. + properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. 
+ + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. + type: string + type: object + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com +spec: + group: cloudfunctions.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions + shortNames: + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: + description: |- + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. + properties: + eventType: + description: |- + Immutable. Required. The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. 
+ + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. + type: string + required: + - eventType + - resourceRef + type: object + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. + properties: + securityLevel: + description: 'Immutable. Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' + type: string + type: object + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the function. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. 
+ type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. + type: string + required: + - url + type: object + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC + type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - region + - runtime + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. 
Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. + type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityGroup + plural: cloudidentitygroups + shortNames: + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + type: string + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. + properties: + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + type: string + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. + type: string + required: + - id + type: object + initialGroupConfig: + description: |- + Immutable. 
The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + type: string + labels: + additionalProperties: + type: string + description: |- + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - groupKey + - labels + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the Group was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityMembership + plural: cloudidentitymemberships + shortNames: + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group for the resource + + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. 
If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. + The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. 
+ format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array + required: + - groupRef + - preferredMemberKey + - roles + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available + properties: + familyName: + description: Output only. 
Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' + type: string + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com +spec: + group: cloudscheduler.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudSchedulerJob + plural: cloudschedulerjobs + shortNames: + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most 
recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineHttpTarget: + description: App Engine HTTP target. + properties: + appEngineRouting: + description: App Engine Routing setting for the job. + properties: + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. 
For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). + type: string + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. + type: string + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. + type: string + type: object + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. + In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. 
The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. 
+ * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' 
+ type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. + properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. 
+ properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. + type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. 
If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer + type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string + required: + - location + type: object + status: + properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. 
The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. (Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: 'Immutable. The type of address to reserve. Default value: + "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbuckets.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucket + plural: computebackendbuckets + shortNames: + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. 
+ Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. 
+ type: integer + type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: |- + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservices.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendService + plural: computebackendservices + shortNames: + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. 
+ type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. 
+ + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. + properties: + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. 
+ + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. 
+ items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer + type: object + type: array + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + type: integer + type: object + circuitBreakers: + description: |- + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + connectTimeout: + description: The timeout for new network connections to hosts. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. 
+ Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + connectionDrainingTimeoutSec: + description: |- + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: + description: |- + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. 
+ + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + type: string + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: string + type: object + consistentHash: + description: |- + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. 
This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer + type: object + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. 
+ type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. + properties: + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. 
If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number + type: object + healthChecks: + items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + iap: + description: Settings for enabling Cloud Identity Aware Proxy. + oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef + properties: + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. + type: string + oauth2ClientIdRef: + description: |- + Only `external` field is supported to configure the reference. + + OAuth2 Client ID for IAP. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - key + - name + type: object + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string + required: + - name + type: object + policy: + description: The configuration for a built-in load balancing + policy. + properties: + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + required: + - name + type: object + type: object + type: array + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. 
+ The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + + + If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, + session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. 
Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. 
The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. 
That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The security policy associated with this backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. 
+ properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' 
+ type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computedisks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDisk + plural: computedisks + shortNames: + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskEncryptionKey: + description: |- + Immutable. Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + rsaEncryptedKey: + description: "Immutable. 
Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + imageRef: + description: The image from which to initialize this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. 
Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. + + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. 
URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sourceDiskId: + description: |- + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. 
+ type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeexternalvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways + shortNames: + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. 
This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicy + plural: computefirewallpolicies + shortNames: + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + required: + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations + shortNames: + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The target that the firewall policy is attached to. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy ID of the association. 
+ + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + shortName: + description: The short name of the firewall policy of the association. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules + shortNames: + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. 
+ format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computefirewalls.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewall + plural: computefirewalls + shortNames: + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. 
+ type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. Only IPv4 is supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + type: string + disabled: + description: |- + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. 
When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + type: boolean + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. 
+ type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array + required: + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeforwardingrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeForwardingRule + plural: computeforwardingrules + shortNames: + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: + description: |- + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + ipAddress: + description: |- + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: + description: |- + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. 
Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. 
An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. 
+ oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string + selfLink: + description: '[Output Only] Server-defined URL for the resource.' 
+ type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHealthCheck + plural: computehealthchecks + shortNames: + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. + properties: + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + type: string + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
+ + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + type: object + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. 
Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. 
+ + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttphealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks + shortNames: + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. 
It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttpshealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks + shortNames: + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeImage + plural: computeimages + shortNames: + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. 
Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + licenses: + description: Immutable. Any applicable license URI. + items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: + description: |- + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: + description: |- + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: + description: |- + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceImageRef: + description: The source image used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + status: + properties: + archiveSizeBytes: + description: |- + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. 
This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. + items: + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). + The zone must exist in the region where the managed instance + group is located. + type: string + type: object + type: array + type: object + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
+ Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. + items: + properties: + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: + properties: + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. 
Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. + properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. 
+ This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' 
+ properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. 
You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). + items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. 
+ + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. + type: string + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. 
+ format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. + type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. 
If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' + format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' 
+ format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. 
A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' + properties: + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean + type: object + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be exactly 375GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. + Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. 
+ + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: 
The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines 
the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. 
\nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. \nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. 
Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. 
The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' + type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. 
+ type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. 
Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. 
MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. A subnetwork with purpose set to + INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is + reserved for Internal HTTP(S) Load Balancing. + + If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. Currently, this field is only used when + purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE + or BACKUP. An ACTIVE subnetwork is one that is currently being used + for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that + is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. 
The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. + type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. 
This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + items: + properties: + name: + description: |- + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + type: string + value: + description: |- + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. 
+ type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + prefixMatch: + description: |- + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + type: string + queryParameterMatches: + description: |- + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + items: + properties: + exactMatch: + description: |- + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + type: string + name: + description: |- + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + type: string + presentMatch: + description: |- + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + type: boolean + regexMatch: + description: |- + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. 
For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + type: string + required: + - name + type: object + type: array + regexMatch: + description: |- + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + type: string + type: object + type: array + priority: + description: |- + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + type: integer + routeAction: + description: |- + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. 
Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: |- + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. 
The value must be between 0.0 and + 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. 
+ type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable. + items: + type: string + type: array + required: + - numRetries + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. 
+ type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + type: string + urlRedirect: + description: |- + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. 
+ properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. 
Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + type: boolean + type: object + required: + - priority + type: object + type: array + required: + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + test: + description: |- + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + items: + properties: + description: + description: Description of this test case. + type: string + host: + description: Host portion of the URL. + type: string + path: + description: Path portion of the URL. + type: string + service: + description: |- + The backend service resource that should be matched by this test. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - host + - path + - service + type: object + type: array + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + mapId: + description: The unique identifier for the resource. 
+ type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNGateway + plural: computevpngateways + shortNames: + - gcpcomputevpngateway + - gcpcomputevpngateways + singular: computevpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpnInterfaces: + description: Immutable. A list of interfaces on this VPN gateway. + items: + properties: + id: + description: Immutable. The numeric ID of this VPN gateway interface. + type: integer + interconnectAttachmentRef: + description: |- + Immutable. 
When this value is present, the VPN Gateway will be used + for IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the specified + interconnect attachment resource. Not currently available publicly. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: The external IP address for this VPN gateway interface. + type: string + type: object + type: array + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpntunnels.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNTunnel + plural: computevpntunnels + shortNames: + - gcpcomputevpntunnel + - gcpcomputevpntunnels + singular: computevpntunnel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + ikeVersion: + description: |- + Immutable. IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + type: integer + localTrafficSelector: + description: |- + Immutable. Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + peerExternalGatewayInterface: + description: Immutable. The interface ID of the external VPN gateway + to which this VPN tunnel is connected. + type: integer + peerExternalGatewayRef: + description: |- + The peer side external VPN gateway to which this VPN tunnel + is connected. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerGCPGatewayRef: + description: |- + The peer side HA GCP VPN gateway to which this VPN tunnel is + connected. If provided, the VPN tunnel will automatically use the + same VPN gateway interface ID in the peer GCP VPN gateway. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerIp: + description: Immutable. IP address of the peer VPN gateway. Only IPv4 + is supported. + type: string + region: + description: Immutable. The region where the tunnel is located. If + unset, is set to the region of 'target_vpn_gateway'. + type: string + remoteTrafficSelector: + description: |- + Immutable. Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The router to be used for dynamic routing. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sharedSecret: + description: |- + Immutable. Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + targetVPNGatewayRef: + description: |- + The ComputeTargetVPNGateway with which this VPN tunnel is + associated. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnGatewayInterface: + description: Immutable. The interface ID of the VPN gateway with which + this VPN tunnel is associated. + type: integer + vpnGatewayRef: + description: |- + The ComputeVPNGateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - sharedSecret + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + detailedStatus: + description: Detailed status message for the VPN tunnel. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sharedSecretHash: + description: Hash of the shared secret. + type: string + tunnelId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com +spec: + group: configcontroller.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ConfigControllerInstance + plural: configcontrollerinstances + shortNames: + - gcpconfigcontrollerinstance + - gcpconfigcontrollerinstances + singular: configcontrollerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + managementConfig: + description: Immutable. Configuration of the cluster management + properties: + fullManagementConfig: + description: Immutable. Configuration of the full (Autopilot) + cluster management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. 
The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + type: object + standardManagementConfig: + description: Immutable. 
Configuration of the standard (GKE) cluster + management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. 
Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + required: + - masterIPv4CidrBlock + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + usePrivateEndpoint: + description: Immutable. Only allow access to the master's private + endpoint IP. + type: boolean + required: + - location + - managementConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gkeResourceLink: + description: Output only. KrmApiHost GCP self link used for identifying + the underlying endpoint (GKE cluster currently). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current state of the internal state + machine for the KrmApiHost. 
Possible values: STATE_UNSPECIFIED, + CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisNote + plural: containeranalysisnotes + shortNames: + - gcpcontaineranalysisnote + - gcpcontaineranalysisnotes + singular: containeranalysisnote + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: A note describing an attestation role. + properties: + hint: + description: Hint hints at the purpose of the attestation authority. + properties: + humanReadableName: + description: Required. The human readable name of this attestation + authority, for example "qa". + type: string + required: + - humanReadableName + type: object + type: object + build: + description: A note describing build provenance for a verifiable build. + properties: + builderVersion: + description: Required. Immutable. Version of the builder which + produced this build. + type: string + required: + - builderVersion + type: object + deployment: + description: A note describing something that can be deployed. + properties: + resourceUri: + description: Required. Resource URI for the artifact being deployed. + items: + type: string + type: array + required: + - resourceUri + type: object + discovery: + description: A note describing the initial analysis of a resource. + properties: + analysisKind: + description: 'The kind of analysis that is handled by this discovery. + Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, + IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + required: + - analysisKind + type: object + expirationTime: + description: Time of expiration for this note. Empty if note does + not expire. + format: date-time + type: string + image: + description: A note describing a base image. + properties: + fingerprint: + description: Required. Immutable. 
The fingerprint of the base + image. + properties: + v1Name: + description: Required. The layer ID of the final layer in + the Docker image's v1 representation. + type: string + v2Blob: + description: Required. The ordered list of v2 blobs that represent + a given image. + items: + type: string + type: array + required: + - v1Name + - v2Blob + type: object + resourceUrl: + description: Required. Immutable. The resource_url for the resource + representing the basis of associated occurrence images. + type: string + required: + - fingerprint + - resourceUrl + type: object + longDescription: + description: A detailed description of this note. + type: string + package: + description: Required for non-Windows OS. The package this Upgrade + is for. + properties: + distribution: + description: The various channels by which a package is distributed. + items: + properties: + architecture: + description: 'The CPU architecture for which packages in + this distribution channel were built Possible values: + ARCHITECTURE_UNSPECIFIED, X86, X64' + type: string + cpeUri: + description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) + denoting the package manager version distributing a package. + type: string + description: + description: The distribution channel-specific description + of this package. + type: string + latestVersion: + description: The latest available version of this package + in this distribution channel. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Distinguish between sentinel MIN/MAX versions + and normal versions. If kind is not NORMAL, then the + other fields are ignored. 
Possible values: VERSION_KIND_UNSPECIFIED, + NORMAL, MINIMUM, MAXIMUM' + type: string + name: + description: The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + maintainer: + description: A freeform string denoting the maintainer of + this package. + type: string + url: + description: The distribution channel-specific homepage + for this package. + type: string + required: + - cpeUri + type: object + type: array + name: + description: The name of the package. + type: string + required: + - name + type: object + relatedNoteNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + relatedUrl: + description: URLs associated with this note. + items: + properties: + label: + description: Label to describe usage of the URL + type: string + url: + description: Specific URL to associate with the note + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shortDescription: + description: A one sentence description of this note. 
+ type: string + vulnerability: + description: A note describing a package vulnerability. + properties: + cvssScore: + description: The CVSS score of this vulnerability. CVSS score + is on a scale of 0 - 10 where 0 indicates low severity and 10 + indicates high severity. + format: double + type: number + cvssV3: + description: The full description of the CVSSv3 for this vulnerability. + properties: + attackComplexity: + description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, + ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' + type: string + attackVector: + description: 'Base Metrics Represents the intrinsic characteristics + of a vulnerability that are constant over time and across + user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, + ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, + ATTACK_VECTOR_PHYSICAL' + type: string + availabilityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + baseScore: + description: The base score is a function of the base metric + scores. 
+ format: double + type: number + confidentialityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + exploitabilityScore: + format: double + type: number + impactScore: + format: double + type: number + integrityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + privilegesRequired: + description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, + PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' + type: string + scope: + description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, + SCOPE_CHANGED' + type: string + userInteraction: + description: ' Possible values: USER_INTERACTION_UNSPECIFIED, + USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' + type: string + type: object + details: + description: Details of all known distros and packages affected + by this vulnerability. + items: + properties: + affectedCpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + affectedPackage: + description: Required. The package this vulnerability affects. + type: string + affectedVersionEnd: + description: 'The version number at the end of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. 
Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + affectedVersionStart: + description: 'The version number at the start of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + description: + description: A vendor-specific description of this vulnerability. + type: string + fixedCpeUri: + description: The distro recommended (https://cpe.mitre.org/specification/) + to update to that contains a fix for this vulnerability. 
+ It is possible for this to be different from the affected_cpe_uri. + type: string + fixedPackage: + description: The distro recommended package to update to + that contains a fix for this vulnerability. It is possible + for this to be different from the affected_package. + type: string + fixedVersion: + description: The distro recommended version to update to + that contains a fix for this vulnerability. Setting this + to VersionKind.MAXIMUM means no such version is yet available. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + isObsolete: + description: Whether this detail is obsolete. Occurrences + are expected not to point to obsolete details. + type: boolean + packageType: + description: The type of package; whether native or non + native (e.g., ruby gems, node.js packages, etc.). + type: string + severityName: + description: The distro assigned severity of this vulnerability. + type: string + sourceUpdateTime: + description: The time this information was last changed + at the source. This is an upstream timestamp from the + underlying information source - e.g. Ubuntu security tracker. 
+ format: date-time + type: string + required: + - affectedCpeUri + - affectedPackage + type: object + type: array + severity: + description: 'The note provider assigned severity of this vulnerability. + Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, + HIGH, CRITICAL' + type: string + sourceUpdateTime: + description: The time this information was last changed at the + source. This is an upstream timestamp from the underlying information + source - e.g. Ubuntu security tracker. + format: date-time + type: string + windowsDetails: + description: Windows details get their own format because the + information format and model don't match a normal detail. Specifically + Windows updates are done as patches, thus Windows vulnerabilities + really are a missing package, rather than a package being at + an incorrect version. + items: + properties: + cpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + description: + description: The description of this vulnerability. + type: string + fixingKbs: + description: Required. The names of the KBs which have hotfixes + to mitigate this vulnerability. Note that there may be + multiple hotfixes (and thus multiple KBs) that mitigate + a given vulnerability. Currently any listed KBs presence + is considered a fix. + items: + properties: + name: + description: The KB name (generally of the form KB+ + (e.g., KB123456)). + type: string + url: + description: A link to the KB in the (https://www.catalog.update.microsoft.com/). + type: string + type: object + type: array + name: + description: Required. The name of this vulnerability. + type: string + required: + - cpeUri + - fixingKbs + - name + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerclusters.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerCluster + plural: containerclusters + shortNames: + - gcpcontainercluster + - gcpcontainerclusters + singular: containercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: The configuration for addons supported by GKE. + properties: + cloudrunConfig: + description: The status of the CloudRun addon. It is disabled + by default. Set disabled = false to enable. + properties: + disabled: + type: boolean + loadBalancerType: + type: string + required: + - disabled + type: object + configConnectorConfig: + description: The of the Config Connector addon. + properties: + enabled: + type: boolean + required: + - enabled + type: object + dnsCacheConfig: + description: The status of the NodeLocal DNSCache addon. It is + disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcePersistentDiskCsiDriverConfig: + description: Whether this cluster should enable the Google Compute + Engine Persistent Disk Container Storage Interface (CSI) Driver. + Defaults to enabled; set disabled = true to disable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcpFilestoreCsiDriverConfig: + description: The status of the Filestore CSI driver addon, which + allows the usage of filestore instance as volumes. Defaults + to disabled; set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gkeBackupAgentConfig: + description: The status of the Backup for GKE Agent addon. It + is disabled by default. Set enabled = true to enable. 
+ properties: + enabled: + type: boolean + required: + - enabled + type: object + horizontalPodAutoscaling: + description: The status of the Horizontal Pod Autoscaling addon, + which increases or decreases the number of replica pods a replication + controller has based on the resource usage of the existing pods. + It ensures that a Heapster pod is running in the cluster, which + is also used by the Cloud Monitoring service. It is enabled + by default; set disabled = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + httpLoadBalancing: + description: The status of the HTTP (L7) load balancing controller + addon, which makes it easy to set up HTTP load balancers for + services in a cluster. It is enabled by default; set disabled + = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + istioConfig: + description: The status of the Istio addon. + properties: + auth: + description: The authentication type between services in Istio. + Available options include AUTH_MUTUAL_TLS. + type: string + disabled: + description: The status of the Istio addon, which makes it + easy to set up Istio for services in a cluster. It is disabled + by default. Set disabled = false to enable. + type: boolean + required: + - disabled + type: object + kalmConfig: + description: Configuration for the KALM addon, which manages the + lifecycle of k8s. It is disabled by default; Set enabled = true + to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + networkPolicyConfig: + description: Whether we should enable the network policy addon + for the master. This must be enabled in order to enable network + policy for the nodes. To enable this, you must also define a + network_policy block, otherwise nothing will happen. It can + only be disabled if the nodes already do not have network policies + enabled. Defaults to disabled; set disabled = false to enable. 
+ properties: + disabled: + type: boolean + required: + - disabled + type: object + type: object + authenticatorGroupsConfig: + description: Configuration for the Google Groups for GKE feature. + properties: + securityGroup: + description: The name of the RBAC security group for use with + Google security groups in Kubernetes RBAC. Group name must be + in format gke-security-groups@yourdomain.com. + type: string + required: + - securityGroup + type: object + binaryAuthorization: + description: Configuration options for the Binary Authorization feature. + properties: + enabled: + description: DEPRECATED. Deprecated in favor of evaluation_mode. + Enable Binary Authorization for this cluster. + type: boolean + evaluationMode: + description: Mode of operation for Binary Authorization policy + evaluation. + type: string + type: object + clusterAutoscaling: + description: Per-cluster configuration of Node Auto-Provisioning with + Cluster Autoscaler to automatically adjust the size of the cluster + and create/delete node pools based on the current needs of the cluster's + workload. See the guide to using Node Auto-Provisioning for more + details. + properties: + autoProvisioningDefaults: + description: Contains defaults for a node pool created by NAP. + properties: + bootDiskKMSKeyRef: + description: |- + Immutable. The Customer Managed Encryption Key used to encrypt the + boot disk attached to each node in the node pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSize: + description: Size of the disk attached to each node, specified + in GB. The smallest allowed disk size is 10GB. + type: integer + imageType: + description: The default image type used by NAP once a new + node pool is being created. + type: string + management: + description: NodeManagement configuration for this NodePool. + properties: + autoRepair: + description: Specifies whether the node auto-repair is + enabled for the node pool. If enabled, the nodes in + this node pool will be monitored and, if they fail health + checks too many times, an automatic repair action will + be triggered. + type: boolean + autoUpgrade: + description: Specifies whether node auto-upgrade is enabled + for the node pool. If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the + latest release version of Kubernetes. + type: boolean + upgradeOptions: + description: Specifies the Auto Upgrade knobs for the + node pool. + items: + properties: + autoUpgradeStartTime: + description: This field is set when upgrades are + about to commence with the approximate start time + for the upgrades, in RFC3339 text format. + type: string + description: + description: This field is set when upgrades are + about to commence with the description of the + upgrade. + type: string + type: object + type: array + type: object + minCpuPlatform: + description: Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or newer + CPU platform. Applicable values are the friendly names of + CPU platforms, such as Intel Haswell. + type: string + oauthScopes: + description: Scopes that are used by NAP when creating node + pools. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Defines whether the instance has Secure Boot + enabled. + type: boolean + type: object + upgradeSettings: + description: Specifies the upgrade settings for NAP created + node pools. + properties: + blueGreenSettings: + description: Settings for blue-green upgrade strategy. + properties: + nodePoolSoakDuration: + description: "Time needed after draining entire blue + pool. After this period, blue pool will be cleaned + up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration + in seconds with up to nine fractional digits, ending + with 's'. Example: \"3.5s\"." + type: string + standardRolloutPolicy: + description: Standard policy for the blue-green upgrade. + properties: + batchNodeCount: + description: Number of blue nodes to drain in + a batch. + type: integer + batchPercentage: + description: Percentage of the bool pool nodes + to drain in a batch. The range of this field + should be (0.0, 1.0]. 
+ type: number + batchSoakDuration: + description: "Soak time after each batch gets + drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA + duration in seconds with up to nine fractional + digits, ending with 's'. Example: \"3.5s\"." + type: string + type: object + type: object + maxSurge: + description: The maximum number of nodes that can be created + beyond the current size of the node pool during the + upgrade process. + type: integer + maxUnavailable: + description: The maximum number of nodes that can be simultaneously + unavailable during the upgrade process. + type: integer + strategy: + description: Update strategy of the node pool. + type: string + type: object + type: object + autoscalingProfile: + description: Configuration options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler + should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED + or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string + enabled: + description: Whether node auto-provisioning is enabled. Resource + limits for cpu and memory must be defined to enable node auto-provisioning. + type: boolean + resourceLimits: + description: Global constraints for machine resources in the cluster. + Configuring the cpu and memory types is required if node auto-provisioning + is enabled. These limits will apply to node pool autoscaling + in addition to node auto-provisioning. + items: + properties: + maximum: + description: Maximum amount of the resource in the cluster. + type: integer + minimum: + description: Minimum amount of the resource in the cluster. + type: integer + resourceType: + description: The type of the resource. For example, cpu + and memory. See the guide to using Node Auto-Provisioning + for a list of types. + type: string + required: + - resourceType + type: object + type: array + type: object + clusterIpv4Cidr: + description: Immutable. 
The IP address range of the Kubernetes pods + in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank + to have one automatically chosen or specify a /14 block in 10.0.0.0/8. + This field will only work for routes-based clusters, where ip_allocation_policy + is not defined. + type: string + clusterTelemetry: + description: Telemetry integration for the cluster. + properties: + type: + description: Type of the integration. + type: string + required: + - type + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: This + configuration can''t be changed (or added/removed) after cluster + creation without deleting and recreating the entire cluster.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature is + enabled for all nodes in this cluster. + type: boolean + required: + - enabled + type: object + costManagementConfig: + description: Cost management configuration for the cluster. + properties: + enabled: + description: Whether to enable GKE cost allocation. When you enable + GKE cost allocation, the cluster name and namespace of your + GKE workloads appear in the labels field of the billing export + to BigQuery. Defaults to false. + type: boolean + required: + - enabled + type: object + databaseEncryption: + description: 'Application-layer Secrets Encryption settings. The object + format is {state = string, key_name = string}. Valid values of state + are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS + key.' + properties: + keyName: + description: The key to use to encrypt/decrypt secrets. + type: string + state: + description: ENCRYPTED or DECRYPTED. + type: string + required: + - state + type: object + datapathProvider: + description: Immutable. The desired datapath provider for this cluster. + By default, uses the IPTables-based kube-proxy implementation. 
+ type: string + defaultMaxPodsPerNode: + description: Immutable. The default maximum number of pods per node + in this cluster. This doesn't work on "routes-based" clusters, clusters + that don't have IP Aliasing enabled. + type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object + description: + description: Immutable. Description of the cluster. + type: string + dnsConfig: + description: Immutable. Configuration for Cloud DNS for Kubernetes + Engine. + properties: + clusterDns: + description: Which in-cluster DNS provider should be used. + type: string + clusterDnsDomain: + description: The suffix used for all cluster service records. + type: string + clusterDnsScope: + description: The scope of access to cluster DNS records. + type: string + type: object + enableAutopilot: + description: Immutable. Enable Autopilot for this cluster. + type: boolean + enableBinaryAuthorization: + description: DEPRECATED. Deprecated in favor of binary_authorization. + Enable Binary Authorization for this cluster. If enabled, all container + images will be validated by Google Binary Authorization. + type: boolean + enableIntranodeVisibility: + description: Whether Intra-node visibility is enabled for this cluster. + This makes same node pod to pod traffic visible for VPC network. + type: boolean + enableKubernetesAlpha: + description: Immutable. Whether to enable Kubernetes Alpha features + for this cluster. Note that when this option is enabled, the cluster + cannot be upgraded and will be automatically deleted after 30 days. 
+ type: boolean + enableL4IlbSubsetting: + description: Whether L4ILB Subsetting is enabled for this cluster. + type: boolean + enableLegacyAbac: + description: Whether the ABAC authorizer is enabled for this cluster. + When enabled, identities in the system, including service accounts, + nodes, and controllers, will have statically granted permissions + beyond those provided by the RBAC configuration or IAM. Defaults + to false. + type: boolean + enableShieldedNodes: + description: Enable Shielded Nodes features on all nodes in this cluster. + Defaults to true. + type: boolean + enableTpu: + description: Immutable. Whether to enable Cloud TPU resources in this + cluster. + type: boolean + gatewayApiConfig: + description: Configuration for GKE Gateway API controller. + properties: + channel: + description: The Gateway API release channel to use for Gateway + API. + type: string + required: + - channel + type: object + identityServiceConfig: + description: Configuration for Identity Service which allows customers + to use external identity providers with the K8S API. + properties: + enabled: + description: Whether to enable the Identity Service component. + type: boolean + type: object + initialNodeCount: + description: Immutable. The number of nodes to create in this cluster's + default node pool. In regional or multi-zonal clusters, this is + the number of nodes per zone. Must be set if node_pool is not set. + If you're using google_container_node_pool objects with no default + node pool, you'll need to set this to a value of at least 1, alongside + setting remove_default_node_pool to true. + type: integer + ipAllocationPolicy: + description: Immutable. Configuration of cluster IP allocation for + VPC-native clusters. Adding this block enables IP aliasing, making + the cluster VPC-native instead of routes-based. + properties: + clusterIpv4CidrBlock: + description: Immutable. The IP address range for the cluster pod + IPs. 
Set to blank to have a range chosen with the default size. + Set to /netmask (e.g. /14) to have a range chosen with a specific + netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the + RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) + to pick a specific range to use. + type: string + clusterSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for pod IP addresses. Alternatively, + cluster_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + servicesIpv4CidrBlock: + description: Immutable. The IP address range of the services IPs + in this cluster. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + servicesSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for service ClusterIPs. Alternatively, + services_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + type: object + location: + description: Immutable. The location (region or zone) in which the + cluster master will be created, as well as the default node location. + If you specify a zone (such as us-central1-a), the cluster will + be a zonal cluster with a single cluster master. If you specify + a region (such as us-west1), the cluster will be a regional cluster + with multiple masters spread across zones in the region, and with + default node locations in those zones as well. + type: string + loggingConfig: + description: Logging configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing logs. 
Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + required: + - enableComponents + type: object + loggingService: + description: The logging service that the cluster should write logs + to. Available options include logging.googleapis.com(Legacy Stackdriver), + logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine + Logging), and none. Defaults to logging.googleapis.com/kubernetes. + type: string + maintenancePolicy: + description: The maintenance policy to use for the cluster. + properties: + dailyMaintenanceWindow: + description: 'Time window specified for daily maintenance operations. + Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] + and MM : [00-59] GMT.' + properties: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. 
Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. + type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). 
+ type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. 
+ type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. 
+ items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. + type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. 
+ items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. + properties: + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. + type: string + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. + type: string + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. 
+ By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. + properties: + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. + * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string + required: + - channel + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. 
+ properties: + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. + properties: + datasetId: + description: The ID of a BigQuery Dataset. + type: string + required: + - datasetId + type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
+ properties: + enabled: + description: Enables vertical pod autoscaling. + type: boolean + required: + - enabled + type: object + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time 
for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. + type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. 
+ type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. 
+ type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. 
+ type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. 
+ properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. 
+ type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. 
+ type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: The workload metadata configuration for this node. 
+ properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer + nodeLocations: + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. + items: + type: string + type: array + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. + type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. 
+ properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. 
+ items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + taxonomyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - displayName + - taxonomyRef + type: object + status: + properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Taxonomy location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: + type: string + parameters: + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + required: + - containerSpecGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowjobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowJob + plural: dataflowjobs + shortNames: + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". + type: string + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. + type: string + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. More workers may improve processing speed at additional + cost. + type: integer + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string + required: + - tempGcsLocation + - templateGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + description: The unique ID of this job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: datafusioninstances.datafusion.cnrm.cloud.google.com +spec: + group: datafusion.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataFusionInstance + plural: datafusioninstances + shortNames: + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. + type: string + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. 
+ properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. 
Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. + type: string + required: + - location + - type + type: object + status: + properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string + state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies + shortNames: + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + basicAlgorithm: + properties: + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' + type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. + A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' 
+ format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. + properties: + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + type: object + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. 
+ properties: + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + required: + - maxInstances + type: object + required: + - basicAlgorithm + - location + - workerConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocclusters.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocCluster + plural: dataprocclusters + shortNames: + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. 
The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. 
+ type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. 
The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. 
If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. 
+ properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. 
Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. 
The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. 
The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource, usually a GCP + region. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The Google Cloud Platform project ID that the cluster belongs to. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. + properties: + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. 
+ properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. 
+ items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. 
[Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. 
+ items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. 
The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. + The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kubernetesClusterConfig + type: object + required: + - location + type: object + status: + properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). 
+ Dataproc generates this value when it creates the cluster. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. 
+ type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. 
This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. 
It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. 
Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates + shortNames: + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. 
HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. 
+ type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains Hive queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' 
+ type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. 
Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: + type: string + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. + properties: + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. See the Presto documentation + for supported output formats + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + type: object + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
+ properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: + type: string + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. 
HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. 
+ properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. 
The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. 
+ type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize 
maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: + type: string + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. 
+ type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. + type: string + required: + - clusterLabels + type: object + managedCluster: + description: Immutable. A cluster that is managed by the workflow. + properties: + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. 
This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. 
+ properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. + You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. 
See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. 
If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. 
The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object + required: + - clusterName + - config + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - jobs + - location + - placement + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time template was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. 
The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. 
+ type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPDeidentifyTemplate + plural: dlpdeidentifytemplates + shortNames: + - gcpdlpdeidentifytemplate + - gcpdlpdeidentifytemplates + singular: dlpdeidentifytemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + deidentifyConfig: + description: The core content of the template. + properties: + infoTypeTransformations: + description: Treat the dataset as free-form text and apply the + same free text transformation everywhere. + properties: + transformations: + description: Required. Transformation for each infoType. Cannot + specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation to. + An empty list will cause this transformation to apply + to all findings that correspond to infoTypes that + were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation to apply + to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. 
+ type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. 
In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. 
+ The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + recordTransformations: + description: Treat the dataset as structured. Transformations + can be applied to specific locations within structured datasets, + such as transforming a column within a table. + properties: + fieldTransformations: + description: Transform the record by applying various field + transformations. + items: + properties: + condition: + description: 'Only apply the transformation if the condition + evaluates to true for the given `RecordCondition`. + The conditions are allowed to reference fields that + are not used in the actual transformation. Example + Use Cases: - Apply a different bucket transformation + to an age column if the zip code column for the same + record is within a specific range. - Redact a field + if the date of birth field is greater than 85.' + properties: + expressions: + description: An expression. 
+ properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + fields: + description: Required. Input field(s) to apply the transformation + to. When you have columns that reference their position + within a list, omit the index from the FieldId. FieldId + name matching ignores the index. For example, instead + of "contact.nums[0].type", use "contact.nums.type". + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + infoTypeTransformations: + description: Treat the contents of the field as free + text, and selectively transform content that matches + an `InfoType`. + properties: + transformations: + description: Required. Transformation for each infoType. + Cannot specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation + to. An empty list will cause this transformation + to apply to all findings that correspond + to infoTypes that were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. 
When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation + to apply to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges + must be non-overlapping. + items: + properties: + max: + description: Upper bound of + the range, exclusive; type + must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. 
+ Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of + the range, inclusive. Type + should be the same as max + if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement + value for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. 
Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, + items in this list will be skipped + when replacing characters. For example, + if the input string is `555-555-5555` + and you instruct Cloud DLP to skip + `-` and mask 5 characters with `*`, + Cloud DLP returns `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not + transform when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters + to not transform when masking. + Useful to avoid removing punctuation. + Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, + ALPHA_LOWER_CASE, PUNCTUATION, + WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask + the sensitive values—for example, + `*` for an alphabetic string such + as a name, or `0` for a numeric + string such as ZIP code or credit + card number. This string must have + a length of 1. If not supplied, + this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters + to mask. If not set, all matching + chars will be masked. Skipped characters + do not count towards this tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse + order. For example, if `masking_character` + is `0`, `number_to_mask` is `14`, + and `reverse_order` is `false`, + then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
+ If `masking_character` is `*`, `number_to_mask` + is `3`, and `reverse_order` is `true`, + then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. 
+ properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift + in days. 
Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. 
Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. 
Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. 
Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. 
Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. 
The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. 
+ The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. 
+ type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. 
+ properties: + dictionary: + description: Dictionary which defines the rule. + properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. + properties: + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. 
Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. 
+ Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. 
If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. 
+ items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. 
Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. 
+ Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. 
+ format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. 
If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. 
When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. 
+ properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name + for this InfoType. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. 
+ Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. 
Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. + format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. + properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. 
If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: + properties: + name: + description: Name describing the field. 
+ type: string + type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. + If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. + type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' 
+ type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. + [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. 
+ properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. + properties: + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl + type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. 
+ type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: eventarctriggers.eventarc.cnrm.cloud.google.com +spec: + group: eventarc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EventarcTrigger + plural: eventarctriggers + shortNames: + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. 
Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. 
+ type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. + + Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. 
+ format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: + properties: + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. 
Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string + type: object + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
+ items: + type: string + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. 
+ format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. 
Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships + shortNames: + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configmanagement: + description: Config Management-specific spec. + properties: + binauthz: + description: Binauthz configuration for the cluster. + properties: + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean + type: object + configSync: + description: Config Sync configuration for the cluster. + properties: + git: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. 
+ type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. 
+ type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string + type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string + type: object + hierarchyController: + description: Hierarchy Controller configuration for the cluster. + properties: + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean + type: object + policyController: + description: Policy Controller configuration for the cluster. + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + type: string + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. 
For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean + type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string + type: object + featureRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mesh: + description: Manage Mesh Features + properties: + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - featureRef + - location + - membershipRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeatures.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeature + plural: gkehubfeatures + shortNames: + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. + properties: + multiclusteringress: + description: Multicluster Ingress-specific spec. + properties: + configMembershipRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. 
Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - configMembershipRef + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubmemberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubMembership + plural: gkehubmemberships + shortNames: + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + properties: + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. + `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string + type: object + description: + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' + type: string + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. 
This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. 
+ format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. 
+ type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' 
+ type: string + required: + - auditLogConfigs + - resourceRef + - service + type: object + status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + properties: + conditions: + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMCustomRole + plural: iamcustomroles + shortNames: + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description for the role. + type: string + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string + required: + - permissions + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampartialpolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPartialPolicy + plural: iampartialpolicies + shortNames: + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy + properties: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + oneOf: + - required: + - member + - required: + - memberFrom + properties: + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy + properties: + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicy + plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicySpec defines the desired state of IAMPolicy + properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPolicyStatus defines the observed state of IAMPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicymembers.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicyMember + plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicyMember is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom + properties: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - resourceRef + - role + type: object + status: + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys + shortNames: + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + type: string + privateKeyType: + description: Immutable. + type: string + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. + type: string + publicKeyType: + description: Immutable. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Immutable. The name used for this key pair. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccount + plural: iamserviceaccounts + shortNames: + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. + type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. 
+ type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + 
name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. 
Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. 
You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' 
+ type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - attributeMapping + - location + - workforcePoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. 
The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePool + plural: iamworkforcepools + shortNames: + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). + type: string + required: + - location + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders + shortNames: + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. 
+ * `google.groups`: Groups the external identity belongs to. You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. 
If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - workloadIdentityPoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools + shortNames: + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the pool. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A display name for the pool. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapbrands.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPBrand + plural: iapbrands + shortNames: + - gcpiapbrand + - gcpiapbrands + singular: iapbrand + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationTitle: + description: Immutable. Application name displayed on OAuth consent + screen. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients + shortNames: + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + brandRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: Immutable. Human-friendly name given to the OAuth client. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - brandRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: Output only. Client secret of the OAuth client. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformConfig + plural: identityplatformconfigs + shortNames: + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: + type: string + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object + type: object + client: + description: Options related to how clients making requests on behalf + of a project should be configured. + properties: + permissions: + description: Configuration related to restricting a user's ability + to affect their account. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + monitoring: + description: Configuration related to monitoring project activity. + properties: + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. 
+ type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. + type: string + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + quota: + description: Configuration related to quotas. + properties: + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. 
+ properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + client: + properties: + apiKey: + description: Output only. API key that can be used when making + requests for this project. + type: string + firebaseSubdomain: + description: Output only. Firebase subdomain. 
+ type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. 
+ type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' + type: string + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. 
Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. 
Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs + shortNames: + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantOAuthIDPConfig + plural: identityplatformtenantoauthidpconfigs + shortNames: + - gcpidentityplatformtenantoauthidpconfig + - gcpidentityplatformtenantoauthidpconfigs + singular: identityplatformtenantoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + tenantRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The tenant for the resource + + Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tenantRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenants.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenant + plural: identityplatformtenants + shortNames: + - gcpidentityplatformtenant + - gcpidentityplatformtenants + singular: identityplatformtenant + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowPasswordSignup: + description: Whether to allow email/password user authentication. + type: boolean + disableAuth: + description: Whether authentication is disabled for the tenant. If + true, the users under the disabled tenant are not allowed to sign-in. + Admins of the disabled tenant are not able to manage its users. + type: boolean + displayName: + description: Display name of the tenant. + type: string + enableAnonymousUser: + description: Whether to enable anonymous user authentication. + type: boolean + enableEmailLinkSignin: + description: Whether to enable email link user authentication. + type: boolean + mfaConfig: + description: The tenant-level configuration of MFA options. + properties: + enabledProviders: + description: A list of usable second factors for this project. + items: + type: string + type: array + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testPhoneNumbers: + additionalProperties: + type: string + description: A map of pairs that can + be used for MFA. 
The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) + and a maximum of 10 pairs can be added (error will be thrown once + exceeded). + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeys.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKey + plural: kmscryptokeys + shortNames: + - gcpkmscryptokey + - gcpkmscryptokeys + singular: kmscryptokey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. 
+ The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogbuckets.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogBucket + plural: logginglogbuckets + shortNames: + - gcplogginglogbucket + - gcplogginglogbuckets + singular: logginglogbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this bucket. + type: string + folderRef: + description: Immutable. 
The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + locked: + description: Whether the bucket has been locked. The retention period + on a locked bucket may not be changed. Locked buckets may only be + deleted if they are empty. + type: boolean + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionDays: + description: Logs will be retained by default for this amount of time, + after which they will automatically be deleted. The minimum retention + period is 1 day. If this value is set to zero at bucket creation + time, the default time of 30 days will be used. + format: int64 + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the bucket. This + is not set for any of the default buckets. + format: date-time + type: string + lifecycleState: + description: 'Output only. The bucket lifecycle state. Possible values: + LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the bucket. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogexclusions.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogExclusion + plural: logginglogexclusions + shortNames: + - gcplogginglogexclusion + - gcplogginglogexclusions + singular: logginglogexclusion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - projectRef + - required: + - folderRef + - required: + - organizationRef + - required: + - billingAccountRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A description of this exclusion. + type: string + disabled: + description: Optional. If set to True, then this exclusion is disabled + and it does not exclude any log entries. You can update an exclusion + to change the value of this field. + type: boolean + filter: + description: 'Required. 
An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), + you can exclude less than 100% of the matching log entries. For + example, the following query matches 99% of low-severity log entries + from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the exclusion. 
+ This field may not be present for older exclusions. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the exclusion. + This field may not be present for older exclusions. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogmetrics.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogMetric + plural: logginglogmetrics + shortNames: + - gcplogginglogmetric + - gcplogginglogmetrics + singular: logginglogmetric + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketOptions: + description: Optional. The `bucket_options` are required when the + logs-based metric is using a DISTRIBUTION value type and it describes + the bucket boundaries used to create a histogram of the extracted + values. + properties: + explicitBuckets: + description: The explicit buckets. + properties: + bounds: + description: The values must be monotonically increasing. + items: + format: double + type: number + type: array + type: object + exponentialBuckets: + description: The exponential buckets. + properties: + growthFactor: + description: Must be greater than 1. + format: double + type: number + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + scale: + description: Must be greater than 0. + format: double + type: number + type: object + linearBuckets: + description: The linear bucket. + properties: + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + offset: + description: Lower bound of the first bucket. + format: double + type: number + width: + description: Must be greater than 0. 
+ format: double + type: number + type: object + type: object + description: + description: Optional. A description of this metric, which is used + in documentation. The maximum length of the description is 8000 + characters. + type: string + disabled: + description: Optional. If set to True, then this metric is disabled + and it does not generate any points. + type: boolean + filter: + description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) + which is used to match log entries. Example: "resource.type=gae_app + AND severity>=ERROR" The maximum length of the filter is 20000 characters.' + type: string + labelExtractors: + additionalProperties: + type: string + description: Optional. A map from a label key string to an extractor + expression which is used to extract data from a log entry field + and assign as the label value. Each label key specified in the LabelDescriptor + must have an associated extractor expression in this map. The syntax + of the extractor expression is the same as for the `value_extractor` + field. The extracted value is converted to the type defined in the + label descriptor. If the either the extraction or the type conversion + fails, the label will have a default value. The default value for + a string label is an empty string, for an integer label its 0, and + for a boolean label its `false`. Note that there are upper bounds + on the maximum number of labels and the number of active time series + that are allowed in a project. + type: object + metricDescriptor: + description: Optional. The metric descriptor associated with the logs-based + metric. If unspecified, it uses a default metric descriptor with + a DELTA metric kind, INT64 value type, with no labels and a unit + of "1". Such a metric counts the number of log entries matching + the `filter` expression. 
The `name`, `type`, and `description` fields + in the `metric_descriptor` are output only, and is constructed using + the `name` and `description` field in the LogMetric. To create a + logs-based metric that records a distribution of log values, a DELTA + metric kind with a DISTRIBUTION value type must be used along with + a `value_extractor` expression in the LogMetric. Each label in the + metric descriptor must have a matching label name as the key and + an extractor expression as the value in the `label_extractors` map. + The `metric_kind` and `value_type` fields in the `metric_descriptor` + cannot be updated once initially configured. New labels can be added + in the `metric_descriptor`, but existing labels cannot be modified + except for their description. + properties: + displayName: + description: A concise name for the metric, which can be displayed + in user interfaces. Use sentence case without an ending period, + for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: The set of labels that can be used to describe a + specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just + for responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for + the label. + type: string + key: + description: Immutable. The label key. + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64, DOUBLE, + DISTRIBUTION, MONEY' + type: string + type: object + type: array + launchStage: + description: 'Optional. The launch stage of the metric definition. 
+ Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, + BETA, GA, DEPRECATED' + type: string + metadata: + description: Optional. Metadata which can be used to guide usage + of the metric. + properties: + ingestDelay: + description: The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + samplePeriod: + description: The sampling period of metric data points. For + metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data + loss due to errors. Metrics with a higher granularity have + a smaller sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: GAUGE, + DELTA, CUMULATIVE' + type: string + unit: + description: 'The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of + the stored metric values. Different systems might scale the + values to be more easily displayed (so a value of `0.02kBy` + _might_ be displayed as `20By`, and a value of `3523kBy` _might_ + be displayed as `3.5MBy`). However, if the `unit` is `kBy`, + then the value of the metric is always in thousands of bytes, + no matter how it might be displayed. If you want a custom metric + to record the exact number of CPU-seconds used by a job, you + can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` + (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 + CPU-seconds, then the value is written as `12005`. 
Alternatively, + if you want a custom metric to record data in a more granular + way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` + is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), + or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: + **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second + * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes + (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) + * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` + zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` + micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto + (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto + (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) + * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar + also includes these connectors: * `/` division or ratio (as + an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` + (although you should almost never have `/s` in a metric `unit`; + rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. + The grammar for a unit is as follows: Expression = Component: + { "." Component } { "/" Component } ; Component = ( [ PREFIX + ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation + = "{" NAME "}" ; Notes: * `Annotation` is just a comment if + it follows a `UNIT`. If the annotation is used alone, then the + unit is equivalent to `1`. For examples, `{request}/s == 1/s`, + `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank + printable ASCII characters not containing `{` or `}`. 
* `1` + represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) + of 1, such as in `1/s`. It is typically used when none of the + basic units are appropriate. For example, "new users per day" + can be represented as `1/d` or `{new-users}/d` (and a metric + value `5` would mean "5 new users). Alternatively, "thousands + of page views per day" would be represented as `1000/d` or `k1/d` + or `k{page_views}/d` (and a metric value of `5.3` would mean + "5300 page views per day"). * `%` represents dimensionless value + of 1/100, and annotates values giving a percentage (so the metric + values are typically in the range of 0..100, and a metric value + `3` means "3 percent"). * `10^2.%` indicates a metric contains + a ratio, typically in the range 0..1, that will be multiplied + by 100 and displayed as a percentage (so a metric value `0.03` + means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, + a floating-point number, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: STRING, + BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the project in which to create the metric. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueExtractor: + description: 'Optional. A `value_extractor` is required when using + a distribution logs-based metric to extract the values to record + from a log entry. Two functions are supported for value extraction: + `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument + are: 1. field: The name of the log entry field from which the value + is to be extracted. 2. regex: A regular expression using the Google + RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single + capture group to extract data from the specified log entry field. + The value of the field is converted to a string before applying + the regex. It is an error to specify a regex that does not include + exactly one capture group. The result of the extraction must be + convertible to a double type, as the distribution always records + double values. If either the extraction or the conversion to double + fails, then those values are not recorded in the distribution. Example: + `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' + type: string + required: + - filter + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the metric. This + field may not be present for older metrics. + format: date-time + type: string + metricDescriptor: + properties: + description: + description: A detailed description of the metric, which can be + used in documentation. + type: string + monitoredResourceTypes: + description: Read-only. If present, then a time series, which + is identified partially by a metric type and a MonitoredResourceDescriptor, + that is associated with this metric type can only be associated + with one of the monitored resource types listed here. + items: + type: string + type: array + name: + description: The resource name of the metric descriptor. + type: string + type: + description: 'The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For + example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the metric. + This field may not be present for older metrics. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used + instead. In both cases, tables are sharded based on UTC timezone. + type: boolean + required: + - usePartitionedTables + type: object + description: + description: A description of this sink. The maximum length of the + description is 8000 characters. + type: string + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - loggingLogBucketRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, + where {{value}} is the `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + loggingLogBucketRef: + description: Only `external` field is supported to configure the + reference. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, + where {{value}} is the `name` field of a `LoggingLogBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, + where {{value}} is the `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + disabled: + description: If set to True, then this sink is disabled and it does + not export any log entries. + type: boolean + exclusions: + description: Log entries that match any of the exclusion filters will + not be exported. If a log entry is matched by both filter and one + of exclusion's filters, it will not be exported. + items: + properties: + description: + description: A description of this exclusion. + type: string + disabled: + description: If set to True, then this exclusion is disabled + and it does not exclude any log entries. + type: boolean + filter: + description: An advanced logs filter that matches the log entries + to be excluded. By using the sample function, you can exclude + less than 100% of the matching log entries. + type: string + name: + description: A client-assigned identifier, such as "load-balancer-exclusion". + Identifiers are limited to 100 characters and can include + only letters, digits, underscores, hyphens, and periods. First + character has to be alphanumeric. + type: string + required: + - filter + - name + type: object + type: array + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Immutable. Whether or not to include children organizations + in the sink export. If true, logs associated with child projects + are also exported; otherwise only logs relating to the provided + organization are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + uniqueWriterIdentity: + description: Immutable. Whether or not to create a unique identity + associated with this sink. If false (the default), then the writer_identity + used is serviceAccount:cloud-logs@system.gserviceaccount.com. If + true, then a unique service account is created and used for this + sink. If you wish to publish logs across projects, you must set + unique_writer_identity to true. + type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + writerIdentity: + description: The identity associated with this sink. This identity + must be granted write access to the configured destination. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogviews.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogView + plural: logginglogviews + shortNames: + - gcplogginglogview + - gcplogginglogviews + singular: logginglogview + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + bucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The bucket of the resource + + Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this view. + type: string + filter: + description: 'Filter that restricts which log entries in a bucket + are visible in this view. Filters are restricted to be a logical + AND of ==/!= of any of the following: - originating project/folder/organization/billing + account. - resource type - log id For example: SOURCE("projects/myproject") + AND resource.type = "gce_instance" AND LOG_ID("stdout")' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the view. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the view. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: memcacheinstances.memcache.cnrm.cloud.google.com +spec: + group: memcache.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemcacheInstance + plural: memcacheinstances + shortNames: + - gcpmemcacheinstance + - gcpmemcacheinstances + singular: memcacheinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the instance. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. 
Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - duration + - startTime + type: object + type: array + required: + - weeklyMaintenanceWindow + type: object + memcacheParameters: + description: Immutable. User-specified parameters for this memcache + instance. + properties: + id: + description: This is a unique ID associated with this set of parameters. + type: string + params: + additionalProperties: + type: string + description: User-defined set of parameters to use in the memcache + process. + type: object + type: object + memcacheVersion: + description: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. + type: string + networkRef: + description: The full name of the network to connect the instance + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeConfig: + description: Immutable. Configuration for memcache nodes. + properties: + cpuCount: + description: Number of CPUs per node. + type: integer + memorySizeMb: + description: Memory size in Mebibytes for each memcache node. + type: integer + required: + - cpuCount + - memorySizeMb + type: object + nodeCount: + description: Number of nodes in the memcache instance. + type: integer + region: + description: Immutable. The region of the Memcache instance. If it + is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zones: + description: |- + Immutable. Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + items: + type: string + type: array + required: + - nodeConfig + - nodeCount + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + discoveryEndpoint: + description: Endpoint for Discovery API. + type: string + maintenanceSchedule: + description: Output only. Published maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memcacheFullVersion: + description: The full version of memcached server running on this + instance. + type: string + memcacheNodes: + description: Additional information about the instance state, if available. + items: + properties: + host: + description: Hostname or IP address of the Memcached node used + by the clients to connect to the Memcached server on this + node. + type: string + nodeId: + description: Identifier of the Memcached node. The node id does + not include project or location like the Memcached instance + name. + type: string + port: + description: The port number of the Memcached server on this + node. + type: integer + state: + description: Current state of the Memcached node. + type: string + zone: + description: Location (GCP Zone) for the Memcached node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringAlertPolicy + plural: monitoringalertpolicies + shortNames: + - gcpmonitoringalertpolicy + - gcpmonitoringalertpolicies + singular: monitoringalertpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alertStrategy: + description: Control over how this alert policy's notification channels + are notified. + properties: + autoClose: + description: If an alert policy that was active has no data for + this long, any open incidents will close. + type: string + notificationRateLimit: + description: |- + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + period: + description: Not more than one notification per period. + type: string + type: object + type: object + combiner: + description: |- + How to combine the results of multiple conditions to + determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. + type: string + conditions: + description: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + items: + properties: + conditionAbsent: + description: |- + A condition that checks that a time series + continues to receive new data points. 
+ properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. 
+ The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + duration: + description: |- + The amount of time that a time series must + fail to report new data to be considered + failing. 
Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + type: object + conditionMatchedLog: + description: |- + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. + properties: + filter: + description: A logs-based filter. + type: string + labelExtractors: + additionalProperties: + type: string + description: |- + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. 
+ Label keys and corresponding values can be used in notifications + generated by this condition. + type: object + required: + - filter + type: object + conditionMonitoringQueryLanguage: + description: A Monitoring Query Language query that outputs + a boolean stream. + properties: + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + query: + description: Monitoring Query Language query that outputs + a boolean stream. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. 
+ type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + - query + type: object + conditionThreshold: + description: |- + A condition that compares a time series against a + threshold. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + comparison: + description: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. + type: string + denominatorAggregations: + description: |- + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. 
If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. 
If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + denominatorFilter: + description: |- + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. 
+ type: string + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + thresholdValue: + description: |- + A value against which to compare the time + series. + type: number + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. 
If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - comparison + - duration + type: object + displayName: + description: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + type: string + name: + description: |- + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + type: string + required: + - displayName + type: object + type: array + displayName: + description: |- + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + type: string + documentation: + description: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. 
+ properties: + content: + description: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. + type: string + mimeType: + description: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + type: string + type: object + enabled: + description: Whether or not the policy is enabled. The default is + true. + type: boolean + notificationChannels: + items: + description: Identifies the notification channels to which notifications + should be sent when incidents are opened or closed or when new + violations occur on an already opened incident. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - combiner + - conditions + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationRecord: + description: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + items: + properties: + mutateTime: + description: When the change occurred. + type: string + mutatedBy: + description: The email address of the user making the change. + type: string + type: object + type: array + name: + description: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringdashboards.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringDashboard + plural: monitoringdashboards + shortNames: + - gcpmonitoringdashboard + - gcpmonitoringdashboards + singular: monitoringdashboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnLayout: + description: The content is divided into equally spaced columns and + the widgets are arranged vertically. + properties: + columns: + description: The columns of content to display. + items: + properties: + weight: + description: The relative weight of this column. The column + weight is used to adjust the width of columns on the screen + (relative to peers). Greater the weight, greater the width + of the column on the screen. If omitted, a value of 1 + is used while rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged vertically in + this column. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + displayName: + description: Required. The mutable, human-readable name. + type: string + gridLayout: + description: Content is arranged with a basic layout that re-flows + a simple list of informational elements like widgets or tiles. + properties: + columns: + description: The number of columns into which the view's width + is divided. If omitted or set to zero, a system default will + be used while rendering. + format: int64 + type: integer + widgets: + description: The informational elements that are arranged into + the columns row-first. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. 
+ properties: + gaugeView: + description: Will cause the scorecard to show a gauge + chart. + properties: + lowerBound: + description: The lower bound for this gauge chart. + The value of the chart should always be greater + than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge chart. + The value of the chart should always be less than + or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a spark + chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the minimum + alignment period to use in a time series query. + For example, if the data is published once every + 10 minutes it would not make sense to fetch and + align data at one minute intervals. This field + is optional and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart to + show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, + SPARK_LINE, SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the state + of the scorecard given the time series'' current value. + For an actual value x, the scorecard is in a danger + state if x is less than or equal to a danger threshold + that triggers below, or greater than or equal to a + danger threshold that triggers above. Similarly, if + x is above/below a warning threshold that triggers + above/below, then the scorecard is in a warning state + - unless x also puts it in a danger state. (Danger + trumps warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: 90, category: + ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: + ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: + ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: + ''WARNING'', trigger: ''BELOW'', } Then: values + less than or equal to 10 would put the scorecard in + a DANGER state, values greater than 10 but less than + or equal to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or equal + to 70 but less than 90 a WARNING state, and values + greater than or equal to 90 a DANGER state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time series + data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views of + the data. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. 
The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. 
+ It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. 
The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. 
The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. 
+ The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. 
If non-empty, this unit will override + any unit that accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. Possible + values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: MODE_UNSPECIFIED, + COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this chart. + items: + properties: + legendTemplate: + description: 'A template string for naming `TimeSeries` + in the resulting data set. This should be a + string with interpolations of the form `${label_name}`, + which will resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set, implemented + by specifying the minimum alignment period to + use in a time series query For example, if the + data is published once every 10 minutes, the + `min_alignment_period` should be at least 10 + minutes. It would not make sense to fetch and + align data at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. 
Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. 
If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. 
If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. 
It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. 
Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally across + the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. 
+ format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows values + from two similar-length time periods (e.g., week-over-week + metrics). The duration must be positive, and it can + only be applied to charts with data sets of LINE plot + type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + mosaicLayout: + description: The content is arranged as a grid of tiles, with each + content widget occupying one or more tiles. + properties: + columns: + description: The number of columns in the mosaic grid. + format: int64 + type: integer + tiles: + description: The tiles to display. + items: + properties: + height: + description: The height of the tile, measured in grid squares. + format: int64 + type: integer + widget: + description: The informational widget contained in the tile. + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. 
+ type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show a + gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a + spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the + minimum alignment period to use in a time + series query. For example, if the data is + published once every 10 minutes it would not + make sense to fetch and align data at one + minute intervals. This field is optional and + exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. 
Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the + state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold that + triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. 
+ format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. 
+ If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. 
If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. 
It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. 
Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will + override any unit that accompanies fetched + data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. 
Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set, + implemented by specifying the minimum alignment + period to use in a time series query For + example, if the data is published once every + 10 minutes, the `min_alignment_period` should + be at least 10 minutes. It would not make + sense to fetch and align data at one minute + intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver metrics + API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. 
If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. 
Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. 
Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods (e.g., + week-over-week metrics). The duration must be + positive, and it can only be applied to charts + with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. 
+ properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + width: + description: The width of the tile, measured in grid squares. + format: int64 + type: integer + xPos: + description: The zero-indexed position of the tile in grid + squares relative to the left edge of the grid. + format: int64 + type: integer + yPos: + description: The zero-indexed position of the tile in grid + squares relative to the top edge of the grid. + format: int64 + type: integer + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rowLayout: + description: The content is divided into equally spaced rows and the + widgets are arranged horizontally. + properties: + rows: + description: The rows of content to display. + items: + properties: + weight: + description: The relative weight of this row. The row weight + is used to adjust the height of rows on the screen (relative + to peers). Greater the weight, greater the height of the + row on the screen. If omitted, a value of 1 is used while + rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged horizontally in + this row. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. 
The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. * + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. 
The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. + Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
+ The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. * `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). 
Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. 
The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. + type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. + On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' 
+ items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. 
+ format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. + Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' 
+ properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. 
+ properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' 
+ properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + type: object + type: object + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. 
+ properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. + type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - goal + - projectRef + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. 
+ type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservices.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringService + plural: monitoringservices + shortNames: + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Name used for UI elements listing this Service. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs + shortNames: + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. + items: + properties: + content: + type: string + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' + type: string + required: + - content + type: object + type: array + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. 
+ type: string + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. + properties: + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' + type: string + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' + type: string + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. 
If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. + type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. 
If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. + type: string + required: + - filterLabels + - type + type: object + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for this uptime check config. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. 
+ format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. + type: string + required: + - displayName + - projectRef + - timeout + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivityHub + plural: networkconnectivityhubs + shortNames: + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the hub. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the hub was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes + shortNames: + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the spoke. + type: string + hubRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. + + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. 
+ items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. 
+ type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - hubRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the spoke was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. 
+ type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies + shortNames: + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Optional. List of rules to match. 
If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. + For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. 
List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array + required: + - action + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies + shortNames: + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + sni: + description: 'Optional. 
Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies + shortNames: + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. 
+ Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. 
+ properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEndpointPolicy + plural: networkservicesendpointpolicies + shortNames: + - gcpnetworkservicesendpointpolicy + - gcpnetworkservicesendpointpolicies + singular: networkservicesendpointpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizationPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + clientTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. 
This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + endpointMatcher: + description: Required. A matcher that selects endpoints to which the + policies should be applied. + properties: + metadataLabelMatcher: + description: The matcher is based on node metadata presented by + xDS clients. + properties: + metadataLabelMatchCriteria: + description: 'Specifies how matching should be done. Supported + values are: MATCH_ANY: At least one of the Labels specified + in the matcher should match the metadata presented by xDS + client. MATCH_ALL: The metadata presented by the xDS client + should contain all of the labels specified here. The selection + is determined based on the best match. For example, suppose + there are three EndpointPolicy resources P1, P2 and P3 and + if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL + , and P3 has MATCH_ALL . If a client with label connects, + the config from P1 will be selected. If a client with label + connects, the config from P2 will be selected. If a client + with label connects, the config from P3 will be selected. 
+ If there is more than one best match, (for example, if a + config P4 with selector exists and if a client with label + connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + metadataLabels: + description: The list of label value pairs that must match + labels in the provided metadata based on filterMatchCriteria + This list can have at most 64 entries. The list can be empty + if the match criteria is MATCH_ANY, to specify a wildcard + match (i.e this matches any client). + items: + properties: + labelName: + description: Required. Label name presented as key in + xDS Node Metadata. + type: string + labelValue: + description: Required. Label value presented as value + corresponding to the above key, in xDS Node Metadata. + type: string + required: + - labelName + - labelValue + type: object + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + trafficPortSelector: + description: Optional. Port selector for the (matched) endpoints. + If no port selector is provided, the matched config is applied to + all ports. + properties: + ports: + description: Optional. A list of ports. Can be port numbers or + port range (example, specifies all ports from 80 to 90, including + 80 and 90) or named ports or * to specify all ports. If the + list is empty, all ports are selected. + items: + type: string + type: array + type: object + type: + description: 'Required. The type of endpoint config. This is primarily + used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, + SIDECAR_PROXY, GRPC_SERVER' + type: string + required: + - endpointMatcher + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgateways.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGateway + plural: networkservicesgateways + shortNames: + - gcpnetworkservicesgateway + - gcpnetworkservicesgateways + singular: networkservicesgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addresses: + description: One or more addresses with ports in format of ":" that + the Gateway must receive traffic on. The proxy binds to the ports + specified. IP address can be anything that is allowed by the underlying + infrastructure (auto-allocation, static IP, BYOIP). + items: + type: string + type: array + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + ports: + description: Required. One or more ports that the Gateway must receive + traffic on. The proxy binds to the ports specified. Gateway listen + on 0.0.0.0 on the ports specified below. + items: + format: int64 + type: integer + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: Immutable. Required. Immutable. Scope determines how + configuration across multiple Gateway instances are merged. The + configuration for multiple Gateway instances with the same scope + will be merged as presented as a single coniguration to the proxy/load + balancer. Max length 64 characters. Scope should start with a letter + and can only have letters, numbers, hyphens. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. Immutable. The type of the customer managed + gateway. 
Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' + type: string + required: + - location + - ports + - projectRef + - scope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGRPCRoute + plural: networkservicesgrpcroutes + shortNames: + - gcpnetworkservicesgrpcroute + - gcpnetworkservicesgrpcroutes + singular: networkservicesgrpcroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: 'Required. Service hostnames with an optional port for + which this route describes traffic. Format: [:] Hostname is the + fully qualified domain name of a network host. This matches the + RFC 1123 definition of a hostname with 2 notable exceptions: - IPs + are not allowed. - A hostname may be prefixed with a wildcard label + (*.). The wildcard label must appear by itself as the first label. + Hostname can be “precise” which is a domain name without the terminating + dot of a network host (e.g. “foo.example.com”) or “wildcard”, which + is a domain name prefixed with a single wildcard label (e.g. *.example.com). 
+ Note that as per RFC1035 and RFC1123, a label must consist of lower + case alphanumeric characters or ‘-’, and must start and end with + an alphanumeric character. No other punctuation is allowed. The + routes associated with a Router must have unique hostnames. If you + attempt to attach multiple routes with conflicting hostnames, the + configuration will be rejected. For example, while it is acceptable + for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to + be associated with the same route, it is not possible to associate + two routes both with "*.bar.com" or both with "bar.com". In the + case that multiple routes match the hostname, the most specific + match will be selected. For example, "foo.bar.baz.com" will take + precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence + over "*.baz.com". If a port is specified, then gRPC clients must + use the channel URI with the port to match this rule (i.e. "xds:///service:123"), + otherwise they must supply the URI without a port (i.e. "xds:///service").' + items: + type: string + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. A list of detailed rules defining how to route + traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated + with the first matching GrpcRoute.RouteRule will be executed. At + least one rule must be supplied. + items: + properties: + action: + description: Required. A detailed rule defining how to route + traffic. This field is required. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. If multiple destinations + are specified, traffic will be split between Backend Service(s) + according to the weight field of these destinations. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + faultInjectionPolicy: + description: Optional. The specification for fault injection + introduced into traffic to test the resiliency of clients + to destination service failure. As part of fault injection, + when clients send requests to a destination, delays can + be introduced on a percentage of requests before sending + those requests to the destination service. Similarly requests + from clients can be aborted by for a percentage of requests. + timeout and retry_policy will be ignored by clients that + are configured with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. 
+ properties: + httpStatus: + description: The HTTP status code used to abort + the request. The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + retryPolicy: + description: Optional. Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specpfied, default + to 1. + format: int64 + type: integer + retryConditions: + description: '- connect-failure: Router will retry on + failures connecting to Backend Services, for example + due to connection timeouts. - refused-stream: Router + will retry if the backend service resets the stream + with a REFUSED_STREAM error code. This reset type + indicates that it is safe to retry. - cancelled: Router + will retry if the gRPC status code in the response + header is set to cancelled - deadline-exceeded: Router + will retry if the gRPC status code in the response + header is set to deadline-exceeded - resource-exhausted: + Router will retry if the gRPC status code in the response + header is set to resource-exhausted - unavailable: + Router will retry if the gRPC status code in the response + header is set to unavailable' + items: + type: string + type: array + type: object + timeout: + description: Optional. Specifies the timeout for selected + route. Timeout is computed from the time the request has + been fully processed (i.e. 
end of stream) up until the + response has been completely processed. Timeout includes + all retries. + type: string + type: object + matches: + description: Optional. Matches define conditions used for matching + the rule against incoming gRPC requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. If no matches field is specified, this rule will + unconditionally match traffic. + items: + properties: + headers: + description: Optional. Specifies a collection of headers + to match. + items: + properties: + key: + description: Required. The key of the header. + type: string + type: + description: 'Optional. Specifies how to match against + the value of the header. If not specified, a default + value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + value: + description: Required. The value of the header. + type: string + required: + - key + - value + type: object + type: array + method: + description: Optional. A gRPC method to match against. + If this field is empty or omitted, will match all methods. + properties: + caseSensitive: + description: Optional. Specifies that matches are + case sensitive. The default value is true. case_sensitive + must not be used with a type of REGULAR_EXPRESSION. + type: boolean + grpcMethod: + description: Required. Name of the method to match + against. If unspecified, will match all methods. + type: string + grpcService: + description: Required. Name of the service to match + against. If unspecified, will match all services. + type: string + type: + description: 'Optional. Specifies how to match against + the name. If not specified, a default value of "EXACT" + is used. 
Possible values: TYPE_UNSPECIFIED, EXACT, + REGULAR_EXPRESSION' + type: string + required: + - grpcMethod + - grpcService + type: object + type: object + type: array + required: + - action + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesHTTPRoute + plural: networkserviceshttproutes + shortNames: + - gcpnetworkserviceshttproute + - gcpnetworkserviceshttproutes + singular: networkserviceshttproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: Required. Hostnames define a set of hosts that should + match against the HTTP host header to select a HttpRoute to process + the request. Hostname is the fully qualified domain name of a network + host, as defined by RFC 1123 with the exception that ip addresses + are not allowed. Wildcard hosts are supported as "*" (no prefix + or suffix allowed). + items: + type: string + type: array + location: + description: Immutable. 
The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. + items: + properties: + action: + description: The detailed rule defining how to route matched + traffic. + properties: + corsPolicy: + description: The specification for allowing client side + cross-origin requests. 
+ properties: + allowCredentials: + description: In response to a preflight request, setting + this to true indicates that the actual request can + include user credentials. This translates to the Access-Control-Allow-Credentials + header. Default value is false. + type: boolean + allowHeaders: + description: Specifies the content for Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: Specifies the regular expression patterns + that match allowed origins. For regular expression + grammar, please see https://github.com/google/re2/wiki/Syntax. + items: + type: string + type: array + allowOrigins: + description: Specifies the list of origins that will + be allowed to do CORS requests. An origin is allowed + if it matches either an item in allow_origins or an + item in allow_origin_regexes. + items: + type: string + type: array + disabled: + description: If true, the CORS policy is disabled. The + default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: Specifies how long result of a preflight + request can be cached in seconds. This translates + to the Access-Control-Max-Age header. + type: string + type: object + destinations: + description: The destination to which traffic should be + forwarded. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights in + this destination list). For non-zero values, there + may be some epsilon from the exact proportion defined + here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + type: object + type: array + faultInjectionPolicy: + description: The specification for fault injection introduced + into traffic to test the resiliency of clients to backend + service failure. As part of fault injection, when clients + send requests to a backend service, delays can be introduced + on a percentage of requests before sending those requests + to the backend service. Similarly requests from clients + can be aborted for a percentage of requests. timeout and + retry_policy will be ignored by clients that are configured + with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. + properties: + httpStatus: + description: The HTTP status code used to abort + the request. 
The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + redirect: + description: If set, the request is directed as configured + by this field. + properties: + hostRedirect: + description: The host that will be used in the redirect + response instead of the one that was supplied in the + request. + type: string + httpsRedirect: + description: If set to true, the URL scheme in the redirected + request is set to https. If set to false, the URL + scheme of the redirected request will remain the same + as that of the request. The default is set to false. + type: boolean + pathRedirect: + description: The path that will be used in the redirect + response instead of the one that was supplied in the + request. path_redirect can not be supplied together + with prefix_redirect. Supply one alone or neither. + If neither is supplied, the path of the original request + will be used for the redirect. + type: string + portRedirect: + description: The port that will be used in the redirected + request instead of the one that was supplied in the + request. + format: int64 + type: integer + prefixRewrite: + description: Indicates that during redirection, the + matched prefix (or path) should be swapped with this + value. This option allows URLs be dynamically created + based on the request. + type: string + responseCode: + description: 'The HTTP Status code to use for the redirect. 
+ Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, + SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' + type: string + stripQuery: + description: if set to true, any accompanying query + portion of the original URL is removed prior to redirecting + the request. If set to false, the query portion of + the original URL is retained. The default is set to + false. + type: boolean + type: object + requestHeaderModifier: + description: The specification for modifying the headers + of a matching request prior to delivery of the request + to the destination. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. + type: object + type: object + requestMirrorPolicy: + description: Specifies the policy on how requests intended + for the routes destination are shadowed to a separate + mirrored destination. Proxy will not wait for the shadow + destination to respond before returning the response. + Prior to sending traffic to the shadow service, the host/authority + header is suffixed with -shadow. + properties: + destination: + description: The destination the requests will be mirrored + to. The weight of the destination will be ignored. + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified + and it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weights + are specified for any one service name, they need + to be specified for all of them. If weights are + unspecified for all services, then, traffic is + distributed in equal proportions to all of them.' + format: int64 + type: integer + type: object + type: object + responseHeaderModifier: + description: The specification for modifying the headers + of a response prior to sending the response back to the + client. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. 
+ type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specified, default + to 1. + format: int64 + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per retry + attempt. + type: string + retryConditions: + description: 'Specifies one or more conditions when + this retry policy applies. Valid values are: 5xx: + Proxy will attempt a retry if the destination service + responds with any 5xx response code, of if the destination + service does not respond at all, example: disconnect, + reset, read timeout, connection failure and refused + streams. gateway-error: Similar to 5xx, but only applies + to response codes 502, 503, 504. reset: Proxy will + attempt a retry if the destination service does not + respond at all (disconnect/reset/read timeout) connect-failure: + Proxy will retry on failures connecting to destination + for example due to connection timeouts. retriable-4xx: + Proxy will retry fro retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream: Proxy will retry if the destination + resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry.' + items: + type: string + type: array + type: object + timeout: + description: Specifies the timeout for selected route. Timeout + is computed from the time the request has been fully processed + (i.e. end of stream) up until the response has been completely + processed. Timeout includes all retries. + type: string + urlRewrite: + description: The specification for rewrite URL before forwarding + requests to the destination. + properties: + hostRewrite: + description: Prior to forwarding the request to the + selected destination, the requests host header is + replaced by this value. 
+ type: string + pathPrefixRewrite: + description: Prior to forwarding the request to the + selected destination, the matching portion of the + requests path is replaced by this value. + type: string + type: object + type: object + matches: + description: A list of matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. + items: + properties: + fullPathMatch: + description: The HTTP request path value should exactly + match this value. Only one of full_path_match, prefix_match, + or regex_match should be used. + type: string + headers: + description: Specifies a list of HTTP request headers + to match against. ALL of the supplied headers must be + matched. + items: + properties: + exactMatch: + description: The value of the header should match + exactly the content of exact_match. + type: string + header: + description: The name of the HTTP header to match + against. + type: string + invertMatch: + description: If specified, the match result will + be inverted before checking. Default value is + set to false. + type: boolean + prefixMatch: + description: The value of the header must start + with the contents of prefix_match. + type: string + presentMatch: + description: A header with header_name must exist. + The match takes place whether or not the header + has a value. + type: boolean + rangeMatch: + description: If specified, the rule will match if + the request header value is within the range. + properties: + end: + description: End of the range (exclusive) + format: int64 + type: integer + start: + description: Start of the range (inclusive) + format: int64 + type: integer + type: object + regexMatch: + description: 'The value of the header must match + the regular expression specified in regex_match. 
+ For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' + type: string + suffixMatch: + description: The value of the header must end with + the contents of suffix_match. + type: string + type: object + type: array + ignoreCase: + description: Specifies if prefix_match and full_path_match + matches are case sensitive. The default value is false. + type: boolean + prefixMatch: + description: The HTTP request path value must begin with + specified prefix_match. prefix_match must begin with + a /. Only one of full_path_match, prefix_match, or regex_match + should be used. + type: string + queryParameters: + description: Specifies a list of query parameters to match + against. ALL of the query parameters must be matched. + items: + properties: + exactMatch: + description: The value of the query parameter must + exactly match the contents of exact_match. Only + one of exact_match, regex_match, or present_match + must be set. + type: string + presentMatch: + description: Specifies that the QueryParameterMatcher + matches if request contains query parameter, irrespective + of whether the parameter has a value or not. Only + one of exact_match, regex_match, or present_match + must be set. + type: boolean + queryParameter: + description: The name of the query parameter to + match. + type: string + regexMatch: + description: The value of the query parameter must + match the regular expression specified by regex_match. + For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax + Only one of exact_match, regex_match, or present_match + must be set. + type: string + type: object + type: array + regexMatch: + description: The HTTP request path value must satisfy + the regular expression specified by regex_match after + removing any query parameters and anchor supplied with + the original URL. 
For regular expression grammar, please + see https://github.com/google/re2/wiki/Syntax Only one + of full_path_match, prefix_match, or regex_match should + be used. + type: string + type: object + type: array + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesmeshes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesMesh + plural: networkservicesmeshes + shortNames: + - gcpnetworkservicesmesh + - gcpnetworkservicesmeshes + singular: networkservicesmesh + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + interceptionPort: + description: Optional. If set to a valid TCP port (1-65535), instructs + the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) + address. The SIDECAR proxy will expect all traffic to be redirected + to this port regardless of its actual ip:port destination. If unset, + a port '15001' is used as the interception port. This field is only + valid if the type of Mesh is SIDECAR. + format: int64 + type: integer + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestcproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTCPRoute + plural: networkservicestcproutes + shortNames: + - gcpnetworkservicestcproute + - gcpnetworkservicestcproutes + singular: networkservicestcproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + originalDestination: + description: Optional. If true, Router will use the destination + IP and port of the original connection as the destination + of the request. Default is false. + type: boolean + type: object + matches: + description: Optional. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are “OR”ed for evaluation. If no routeMatch field is specified, + this rule will unconditionally match traffic. + items: + properties: + address: + description: 'Required. Must be specified in the CIDR + range format. A CIDR range consists of an IP Address + and a prefix length to construct the subnet mask. By + default, the prefix length is 32 (i.e. 
matches a single + IP address). Only IPV4 addresses are supported. Examples: + “10.0.0.1” - matches against this exact IP address. + “10.0.0.0/8" - matches against any IP address within + the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" + - matches against any IP address''.' + type: string + port: + description: Required. Specifies the destination port + to match against. + type: string + required: + - address + - port + type: object + type: array + required: + - action + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTLSRoute + plural: networkservicestlsroutes + shortNames: + - gcpnetworkservicestlsroute + - gcpnetworkservicestlsroutes + singular: networkservicestlsroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Required. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwareded to the backend referenced by + the service_name field. This is computed as: weight/Sum(weights + in destinations) Weights in all destinations does + not need to sum up to 100.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + required: + - destinations + type: object + matches: + description: Required. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are "OR"ed for evaluation. + items: + properties: + alpn: + description: 'Optional. ALPN (Application-Layer Protocol + Negotiation) to match against. Examples: "http/1.1", + "h2". At least one of sni_host and alpn is required. + Up to 5 alpns across all matches can be set.' + items: + type: string + type: array + sniHost: + description: Optional. SNI (server name indicator) to + match against. SNI will be matched against all wildcard + domains, i.e. www.example.com will be first matched + against www.example.com, then *.example.com, then *.com. + Partial wildcards are not supported, and values like + *w.example.com are invalid. At least one of sni_host + and alpn is required. Up to 5 sni hosts across all matches + can be set. 
+ items: + type: string + type: array + type: object + type: array + required: + - action + - matches + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigGuestPolicy + plural: osconfigguestpolicies + shortNames: + - gcposconfigguestpolicy + - gcposconfigguestpolicies + singular: osconfigguestpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assignment: + description: Specifies the VMs that are assigned this policy. This + allows you to target sets or groups of VMs by different parameters + such as labels, names, OS, or zones. Empty assignments will target + ALL VMs underneath this policy. Conflict Management Policies that + exist higher up in the resource hierarchy (closer to the Org) will + override those lower down if there is a conflict. At the same level + in the resource hierarchy (ie. within a project), the service will + prevent the creation of multiple policies that conflict with each + other. If there are multiple policies that specify the same config + (eg. package, software recipe, repository, etc.), the service will + ensure that no VM could potentially receive instructions from both + policies. To create multiple policies that specify different versions + of a package or different configs for different Operating Systems, + each policy must be mutually exclusive in their targeting according + to labels, OS, or other criteria. Different configs are identified + for conflicts in different ways. Packages are identified by their + name and the package manager(s) they target. Package repositories + are identified by their unique id where applicable. Some package + managers don't have a unique identifier for repositories and where + that's the case, no uniqueness is validated by the service. 
Note + that if OS Inventory is disabled, a VM will not be assigned a policy + that targets by OS because the service will see this VM's OS as + unknown. + properties: + groupLabels: + description: Targets instances matching at least one of these + label sets. This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + items: + properties: + labels: + additionalProperties: + type: string + description: Google Compute Engine instance labels that + must be present for an instance to be included in this + assignment group. + type: object + type: object + type: array + instanceNamePrefixes: + description: Targets VM instances whose name starts with one of + these prefixes. Like labels, this is another way to group VM + instances when targeting configs, for example prefix="prod-". + Only supported for project-level policies. + items: + type: string + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + osTypes: + description: Targets VM instances matching at least one of the + following OS types. VM instances must match all supplied criteria + for a given OsType to be included. + items: + properties: + osArchitecture: + description: Targets VM instances with OS Inventory enabled + and having the following OS architecture. 
+ type: string + osShortName: + description: Targets VM instances with OS Inventory enabled + and having the following OS short name, for example "debian" + or "windows". + type: string + osVersion: + description: Targets VM instances with OS Inventory enabled + and having the following following OS version. + type: string + type: object + type: array + zones: + description: Targets instances in any of these zones. Leave empty + to target instances in any zone. Zonal targeting is uncommon + and is supported to facilitate the management of changes by + zone. + items: + type: string + type: array + type: object + description: + description: Description of the GuestPolicy. Length of the description + is limited to 1024 characters. + type: string + packageRepositories: + description: List of package repository configurations assigned to + the VM instance. + items: + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Type of archive files in this repository. + The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, + DEB, DEB_SRC' + type: string + components: + description: Required. List of components for this repository. + Must contain at least one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this repository. + type: string + gpgKey: + description: URI of the key file for this repository. The + agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` + containing all the keys in any applied guest policy. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. 
+ properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the Yum config file + and also the `display_name` if `display_name` is omitted. + This id is also used as the unique identifier when checking + for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the zypper config + file and also the `display_name` if `display_name` is + omitted. This id is also used as the unique identifier + when checking for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + type: array + packages: + description: List of package configurations assigned to the VM instance. + items: + properties: + desiredState: + description: 'The desired_state the agent should maintain for + this package. The default is to ensure the package is installed. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + manager: + description: 'Type of package manager that can be used to install + this package. If a system does not have the package manager, + the package is not installed or removed no error message is + returned. By default, or if you specify `ANY`, the agent attempts + to install and remove this package using the default package + manager. 
This is useful when creating a policy that applies + to different types of systems. The default behavior is ANY. + Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, + GOO' + type: string + name: + description: Required. The name of the package. A package is + uniquely identified for conflict validation by checking the + package name and the manager(s) that the package targets. + type: string + type: object + type: array + recipes: + description: Optional. A list of Recipes to install on the VM. + items: + properties: + artifacts: + description: Resources available to be used in the steps in + the recipe. + items: + properties: + allowInsecure: + description: 'Defaults to false. When false, recipes are + subject to validations based on the artifact type: Remote: + A checksum must be specified, and only protocols with + transport-layer security are permitted. GCS: An object + generation number must be specified.' + type: boolean + gcs: + description: A Google Cloud Storage artifact. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: Must be provided if allow_insecure is + false. Generation number of the Google Cloud Storage + object. 
`https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `1234567`. + format: int64 + type: integer + object: + description: 'Name of the Google Cloud Storage object. + As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) + Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `foo/bar`.' + type: string + type: object + id: + description: Required. Id of the artifact, which the installation + and update steps of this recipe can reference. Artifacts + in a recipe cannot have the same id. + type: string + remote: + description: A generic remote artifact. + properties: + checksum: + description: Must be provided if `allow_insecure` + is `false`. SHA256 checksum in hex format, to compare + to the checksum of the artifact. If the checksum + is not empty and it doesn't match the artifact then + the recipe installation fails before running any + of the steps. + type: string + uri: + description: 'URI from which to fetch the object. + It should contain both the protocol and path following + the format: {protocol}://{location}.' + type: string + type: object + type: object + type: array + desiredState: + description: 'Default is INSTALLED. The desired state the agent + should maintain for this recipe. INSTALLED: The software recipe + is installed on the instance but won''t be updated to new + versions. UPDATED: The software recipe is installed on the + instance. The recipe is updated to a higher version, if a + higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts + to create or update a recipe to the REMOVE state is rejected. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + installSteps: + description: Actions to be taken for installing this recipe. + On failure it stops executing steps and does not attempt another + installation. 
Any steps taken (including partially completed + steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. 
Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. 
If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + name: + description: Required. Unique identifier for the recipe. Only + one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine + whether guest policies have conflicts. This means that requests + to create multiple recipes with the same name and version + are rejected since they could potentially have conflicting + assignments. + type: string + updateSteps: + description: Actions to be taken for updating this recipe. On + failure it stops executing steps and does not attempt another + update for this recipe. Any steps taken (including partially + completed steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + version: + description: The version of this software recipe. Version can + be up to 4 period separated numbers (e.g. 12.34.56.78). + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Time this GuestPolicy was created. + format: date-time + type: string + etag: + description: The etag for this GuestPolicy. If this is provided on + update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Last time this GuestPolicy was updated. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigOSPolicyAssignment + plural: osconfigospolicyassignments + shortNames: + - gcposconfigospolicyassignment + - gcposconfigospolicyassignments + singular: osconfigospolicyassignment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: OS policy assignment description. Length of the description + is limited to 1024 characters. + type: string + instanceFilter: + description: Required. Filter to select VMs. + properties: + all: + description: Target all VMs in the project. If true, no other + criteria is permitted. + type: boolean + exclusionLabels: + description: List of label sets used for VM exclusion. If the + list has more than one label set, the VM is excluded if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. 
A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inclusionLabels: + description: List of label sets used for VM inclusion. If the + list has more than one `LabelSet`, the VM is included if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inventories: + description: List of inventories to select VMs. A VM is selected + if its inventory data matches at least one of the following + inventories. + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. For + example, to match all versions with a major version of + `7`, specify the following value for this field `7.*` + An empty string matches all OS versions. + type: string + required: + - osShortName + type: object + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + osPolicies: + description: Required. List of OS policies to be applied to the VMs. + items: + properties: + allowNoResourceGroupMatch: + description: This flag determines the OS policy compliance status + when none of the resource groups within the policy are applicable + for a VM. Set this value to `true` if the policy needs to + be reported as compliant even if the policy has nothing to + validate or enforce. + type: boolean + description: + description: Policy description. Length of the description is + limited to 1024 characters. + type: string + id: + description: 'Required. 
The id of the OS policy with the following + restrictions: * Must contain only lowercase letters, numbers, + and hyphens. * Must start with a letter. * Must be between + 1-63 characters. * Must end with a number or a letter. * Must + be unique within the assignment.' + type: string + mode: + description: 'Required. Policy mode Possible values: MODE_UNSPECIFIED, + VALIDATION, ENFORCEMENT' + type: string + resourceGroups: + description: Required. List of resource groups for the policy. + For a particular VM, resource groups are evaluated in the + order specified and the first resource group that is applicable + is selected and the rest are ignored. If none of the resource + groups are applicable for a VM, the VM is considered to be + non-compliant w.r.t this policy. This behavior can be toggled + by the flag `allow_no_resource_group_match` + items: + properties: + inventoryFilters: + description: 'List of inventory filters for the resource + group. The resources in this resource group are applied + to the target VM if it satisfies at least one of the + following inventory filters. For example, to apply this + resource group to VMs running either `RHEL` or `CentOS` + operating systems, specify 2 items for the list with + following values: inventory_filters[0].os_short_name=''rhel'' + and inventory_filters[1].os_short_name=''centos'' If + the list is empty, this resource group will be applied + to the target VM unconditionally.' + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. + For example, to match all versions with a major + version of `7`, specify the following value for + this field `7.*` An empty string matches all OS + versions. + type: string + required: + - osShortName + type: object + type: array + resources: + description: Required. List of resources configured for + this resource group. 
The resources are executed in the + exact order specified here. + items: + properties: + exec: + description: Exec resource + properties: + enforce: + description: What to run to bring this resource + into the desired state. An exit code of 100 + indicates "success", any other exit code indicates + a failure running enforce. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. 
Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + validate: + description: Required. What to run to validate + this resource is in the desired state. An + exit code of 100 indicates "in desired state", + and exit code of 101 indicates "not in desired + state". Any other exit code indicates a failure + running validate. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. 
Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + required: + - validate + type: object + file: + description: File resource + properties: + content: + description: A a file with this content. The + size of the content is limited to 1024 characters. + type: string + file: + description: A remote or local source. + properties: + allowInsecure: + description: 'Defaults to false. When false, + files are subject to validations based + on the file type: Remote: A checksum must + be specified. Cloud Storage: An object + generation number must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of the + Cloud Storage object. + type: string + generation: + description: Generation number of the + Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the Cloud + Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the VM + to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of the + remote file. + type: string + uri: + description: Required. URI from which + to fetch the object. It should contain + both the protocol and path following + the format `{protocol}://{location}`. 
+ type: string + required: + - uri + type: object + type: object + path: + description: Required. The absolute path of + the file within the VM. + type: string + permissions: + description: 'Consists of three octal digits + which represent, in order, the permissions + of the owner, group, and other users for the + file (similarly to the numeric mode used in + the linux chmod utility). Each digit represents + a three bit number with the 4 bit corresponding + to the read permissions, the 2 bit corresponds + to the write bit, and the one bit corresponds + to the execute permission. Default behavior + is 755. Below are some examples of permissions + and their associated values: read, write, + and execute: 7 read and execute: 5 read and + write: 6 read only: 4' + type: string + state: + description: 'Required. Desired state of the + file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, + COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' + type: string + required: + - path + - state + type: object + id: + description: 'Required. The id of the resource with + the following restrictions: * Must contain only + lowercase letters, numbers, and hyphens. * Must + start with a letter. * Must be between 1-63 characters. + * Must end with a number or a letter. * Must be + unique within the OS policy.' + type: string + pkg: + description: Package resource + properties: + apt: + description: A package managed by Apt. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + deb: + description: A deb package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `dpkg -i package` - install when true: + `apt-get update && apt-get -y install + package.deb`' + type: boolean + source: + description: Required. A deb package. + properties: + allowInsecure: + description: 'Defaults to false. 
When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + desiredState: + description: 'Required. The desired state the + agent should maintain for this package. Possible + values: DESIRED_STATE_UNSPECIFIED, INSTALLED, + REMOVED' + type: string + googet: + description: A package managed by GooGet. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + msi: + description: An MSI package. + properties: + properties: + description: Additional properties to use + during installation. This should be in + the format of Property=Setting. Appended + to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. + items: + type: string + type: array + source: + description: Required. The MSI package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. 
Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + rpm: + description: An rpm package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `rpm --upgrade --replacepkgs package.rpm` + - install when true: `yum -y install package.rpm` + or `zypper -y install package.rpm`' + type: boolean + source: + description: Required. An rpm package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. 
+ type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + yum: + description: A package managed by YUM. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + zypper: + description: A package managed by Zypper. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + required: + - desiredState + type: object + repository: + description: Package repository resource + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Required. Type of archive + files in this repository. Possible values: + ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' + type: string + components: + description: Required. List of components + for this repository. Must contain at least + one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this + repository. + type: string + gpgKey: + description: URI of the key file for this + repository. The agent maintains a keyring + at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - archiveType + - components + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. 
+ type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the yum config file and also + the `display_name` if `display_name` is + omitted. This id is also used as the unique + identifier when checking for resource + conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the zypper config file and + also the `display_name` if `display_name` + is omitted. This id is also used as the + unique identifier when checking for GuestPolicy + conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. + format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. 
Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. 
The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. 
The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. + format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. 
Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. 
+ type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. 
+ items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. All managed + keys will be have their ProtectionLevel as `HSM`. 
Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. 
This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. 
+ type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. + type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. 
+ type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. + type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. 
+ properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." + type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
+ type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is not set, the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. \nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
+ + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. 
More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." 
+ type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. 
+ type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schemaSettings: + description: Settings for validating messages published against a + schema. + properties: + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - schemaRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com +spec: + group: recaptchaenterprise.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys + shortNames: + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array + type: object + displayName: + description: Human-readable display name of this key. Modifiable by + user. + type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. + properties: + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. + type: boolean + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. + type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. 
This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. 
The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. 
Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. 
The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. + type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. + type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. 
Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string + tier: + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + type: string + required: + - memorySizeGb + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. 
Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. + items: + type: string + type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time of creation. + type: string + name: + description: A system-generated unique identifier for this Lien. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. 
+ type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. 
+ type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: Required. The template used to create revisions for this + Service. + properties: + annotations: + additionalProperties: + type: string + description: KRM-style annotations for the resource. 
+ type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. + properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. 
Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: + type: string + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. + properties: + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. 
+ format: int64 + type: integer + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. + properties: + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + name: + description: Required. Volume's name. + type: string + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. 
Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' + format: int64 + type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object + type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string + type: object + type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. 
+ items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. 
+ type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. 
+ When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' + type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. + properties: + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. 
+ format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecret + plural: secretmanagersecrets + shortNames: + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. 
+ properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. + items: + properties: + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string + required: + - location + type: object + type: array + required: + - replicas + type: object + type: object + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. + properties: + nextRotationTime: + description: |- + Timestamp in UTC at which the Secret is scheduled to rotate. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. + type: string + type: object + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - replication + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions + shortNames: + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretRef: + description: Secret Manager secret resource + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. 
Only present + if state is DESTROYED. + type: string + name: + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints + shortNames: + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer + resourceID: + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces + shortNames: + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryService + plural: servicedirectoryservices + shortNames: + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - namespaceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceIdentity + plural: serviceidentities + shortNames: + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com +spec: + group: servicenetworking.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections + shortNames: + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. + type: string + required: + - networkRef + - reservedPeeringRanges + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + peering: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: services.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com +spec: + group: sourcerepo.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SourceRepoRepository + plural: sourcereporepositories + shortNames: + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: An explanation of the status of the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerinstances.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerInstance + plural: spannerinstances + shortNames: + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: |- + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + type: string + displayName: + description: |- + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - config + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqldatabases.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLDatabase + plural: sqldatabases + shortNames: + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlinstances.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLInstance + plural: sqlinstances + shortNames: + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. 
+ type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. 
+ type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. + type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". 
+ If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. 
+ type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. + type: string + replicationType: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: string + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. + type: string + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. + type: string + required: + - tier + type: object + required: + - settings + type: object + status: + properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. 
+ type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlsslcerts.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLSSLCert + plural: sqlsslcerts + shortNames: + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + required: + - commonName + - instanceRef + type: object + status: + properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlusers.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLUser + plural: sqlusers + shortNames: + - gcpsqluser + - gcpsqlusers + singular: sqluser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + password: + description: |- + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. + type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. + type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols + shortNames: + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + Immutable. 
The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' + type: string + required: + - bucketRef + - entity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebuckets.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucket + plural: storagebuckets + shortNames: + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object + required: + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. + properties: + logBucket: + description: The bucket that will receive log objects. + type: string + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. + type: string + required: + - logBucket + type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. + type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. 
+ type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols + shortNames: + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' + type: string + required: + - bucketRef + - entity + - role + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagenotifications.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageNotification + plural: storagenotifications + shortNames: + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. + type: string + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - bucketRef + - payloadFormat + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notificationId: + description: The ID of the created notification. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferJob + plural: storagetransferjobs + shortNames: + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Unique description to identify the Transfer Job. + type: string + notificationConfig: + description: Notification configuration. + properties: + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - payloadFormat + - topicRef + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. + properties: + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' + type: string + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. 
Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. + properties: + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. + type: integer + required: + - hours + - minutes + - nanos + - seconds + type: object + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. + properties: + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. + type: string + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. + type: string + required: + - bucketName + type: object + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. 
+ properties: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + gcsDataSource: + description: A Google Cloud Storage data source. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. + type: string + required: + - listUrl + type: object + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. 
+ items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. 
+ properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object + type: object + required: + - description + - transferSpec + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: When the Transfer Job was created. + type: string + deletionTime: + description: When the Transfer Job was deleted. + type: string + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagBinding + plural: tagstagbindings + shortNames: + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagkeys.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagKey + plural: tagstagkeys + shortNames: + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parent + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagvalues.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagValue + plural: tagstagvalues + shortNames: + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parentRef + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com +spec: + group: vpcaccess.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VPCAccessConnector + plural: vpcaccessconnectors + shortNames: + - gcpvpcaccessconnector + - gcpvpcaccessconnectors + singular: vpcaccessconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ipCidrRange: + description: 'Immutable. The range of internal addresses that follows + RFC 4632 notation. Example: `10.132.0.0/28`.' + type: string + location: + description: Immutable. The location for the resource + type: string + machineType: + description: Immutable. Machine type of VM Instance underlying connector. + Default is e2-micro + type: string + maxInstances: + description: Immutable. Maximum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + maxThroughput: + description: Immutable. Maximum throughput of the connector in Mbps. + Default is 200, max is 1000. + format: int64 + type: integer + minInstances: + description: Immutable. Minimum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + minThroughput: + description: Immutable. Minimum throughput of the connector in Mbps. + Default and min is 200. + format: int64 + type: integer + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of a VPC network. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnet: + description: Immutable. The subnet in which to house the VPC Access + Connector. + properties: + nameRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be: {subnetName} + + Allowed value: The Google Cloud resource name of a `ComputeSubnetwork` resource (format: `projects/{{project}}/regions/{{region}}/subnetworks/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedProjects: + description: Output only. List of projects using the connector. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the VPC access connector. Possible + values: STATE_UNSPECIFIED, READY, CREATING, DELETING, ERROR, UPDATING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml new file mode 100644 index 0000000000..a12e86d607 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml 
@@ -0,0 +1,1880 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - 
'*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch 
+ - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete 
+- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + 
verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + 
cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- 
apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - 
get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + 
apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-unmanaged-detector-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system 
+--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + 
initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/cnrm-eap/webhook:fc8237b + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: 
cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/cnrm-eap/deletiondefender:fc8237b + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + serviceName: unmanaged-detector + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/unmanageddetector + image: gcr.io/cnrm-eap/unmanageddetector:fc8237b + imagePullPolicy: Always + name: unmanageddetector + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: 
true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-unmanaged-detector + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 90 diff --git a/install-bundles/install-bundle-autopilot-namespaced/crds.yaml b/install-bundles/install-bundle-autopilot-namespaced/crds.yaml new file mode 100644 index 0000000000..1871feb5e1 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-namespaced/crds.yaml 
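Review bot: In the new `0-cnrm-system.yaml`, `cnrm-admin-binding` gives the `cnrm-unmanaged-detector`, `cnrm-resource-stats-recorder` and `cnrm-deletiondefender` service accounts the `cnrm-admin` ClusterRole, which allows create/update/patch/delete on `'*'` in every `*.cnrm.cloud.google.com` group, including `iam` and `resourcemanager`, cluster-wide. These custom resources appear to be reconciled into Google Cloud resources, so write access to them is effectively indirect write access to the project, far more than a stats recorder or a detector would seem to need. If these components only read resources, the binding's roleRef should be `name: cnrm-viewer`. If one of them must write status or finalizers (not visible in this hunk), a dedicated role limited to those verbs and subresources would be tighter than the aggregated admin role. Separately, the recorder container sets `hostPort: 48797` although `hostNetwork: false` and the Service already targets 48797, which publishes the metrics endpoint on the node address; dropping the `hostPort` line looks safe.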
@@ -0,0 +1,80645 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevel + plural: accesscontextmanageraccesslevels + shortNames: + - gcpaccesscontextmanageraccesslevel + - gcpaccesscontextmanageraccesslevels + singular: accesscontextmanageraccesslevel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 
+ schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerAccessLevel lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + basic: + description: A set of predefined conditions for the access level and + a combining function. + properties: + combiningFunction: + description: |- + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. 
If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. + type: string + conditions: + description: A set of requirements for the AccessLevel to be granted. + items: + properties: + devicePolicy: + description: |- + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", + "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", + "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' + type: string + requireVerifiedChromeOs: + description: If you specify DESKTOP_CHROME_OS + for osType, you can optionally include requireVerifiedChromeOs + to require Chrome Verified Access. + type: boolean + required: + - osType + type: object + type: array + requireAdminApproval: + description: Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Whether the device needs to be corp owned. 
+ type: boolean + requireScreenLock: + description: |- + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + items: + description: |- + An allowed list of members (users, service accounts). + Using groups is not supported. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format + `serviceAccount:{{value}}`, where {{value}} + is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + negate: + description: |- + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + items: + description: |- + A list of other access levels defined in the same policy. + Referencing an AccessContextManagerAccessLevel which does not exist + is an error. All access levels listed must be granted for the + condition to be true. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + type: array + required: + - conditions + type: object + custom: + description: "Custom access level conditions are set using the Cloud + Common Expression Language to represent the necessary conditions + for the level to apply to a request. \nSee CEL spec at: https://github.com/google/cel-spec." + properties: + expr: + description: "Represents a textual expression in the Common Expression + Language (CEL) syntax. 
CEL is a C-like expression language.\nThis + page details the objects and attributes that are used to the + build the CEL expressions for \ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec." + properties: + description: + description: Description of the expression. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in + the file. + type: string + title: + description: Title for the expression, i.e. a short string + describing its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object + description: + description: Description of the AccessLevel and its use. Does not + affect behavior. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + title: + description: Human readable title. Must be unique within the Policy. + type: string + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessPolicy + plural: accesscontextmanageraccesspolicies + shortNames: + - gcpaccesscontextmanageraccesspolicy + - gcpaccesscontextmanageraccesspolicies + singular: accesscontextmanageraccesspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + title: + description: Human readable title. Does not affect behavior. + type: string + required: + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + name: + description: 'Resource name of the AccessPolicy. Format: {policy_id}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Immutable. Specifies the type of the Perimeter. There are two types: regular and + bridge. 
Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." 
+ type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. 
+ properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + ingress policy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. 
If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. 
+ items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." 
+ type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." 
+ items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. 
+ Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. 
When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeenvironments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvironment + plural: apigeeenvironments + shortNames: + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apigeeOrganizationRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: + type: string + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - apigeeOrganizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeorganizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeOrganization + plural: apigeeorganizations + shortNames: + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean + type: object + type: object + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string + required: + - analyticsRegion + - projectRef + - runtimeType + type: object + status: + properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. 
Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The user-provided description of the repository. + type: string + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + type: string + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The name of the location this repository is + located in. 
+ type: string + mavenConfig: + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string + type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. 
Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object + resourceID: + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "projects/p1/locations/us-central1/repositories/repo1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasets.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataset + plural: bigquerydatasets + shortNames: + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. 
+ + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. 
+ If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. + Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryJob + plural: bigqueryjobs + shortNames: + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + copy: + description: Immutable. Copies a table. + properties: + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. 
+ WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - sourceTables + type: object + extract: + description: Immutable. Configures an extract job. + properties: + compression: + description: |- + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + type: string + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + type: string + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. + items: + type: string + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. + properties: + allowJaggedRows: + description: |- + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + type: string + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + type: string + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. 
+ type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + items: + type: string + type: array + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). 
If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + items: + type: string + type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - destinationTable + - sourceUris + type: object + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. + properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. 
Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) 
query parameters or to NAMED to use named + (@myparam) query parameters in this query. + type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. Timeout period for each statement + in a script. 
+ type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobType: + description: The type of the job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. 
+ type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. + items: + properties: + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' + type: string + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. 
Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. + type: string + type: object + type: array + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: + description: |- + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + items: + type: string + type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. 
+ type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string + required: + - datasetRef + - definitionBody + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerytables.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryTable + plural: bigquerytables + shortNames: + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: The field description. + type: string + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. + type: string + required: + - kmsKeyRef + type: object + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. + properties: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). + type: boolean + required: + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". + type: string + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". + type: string + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". + properties: + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. 
+ type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. + type: string + fieldDelimiter: + description: The separator for fields in a CSV file. + type: string + quote: + type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote + type: object + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". + properties: + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' + type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer + type: object + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. + properties: + mode: + description: When set, what mode of hive partitioning to use + when reading data. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. 
+ type: string + type: object + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. + Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. 
+ type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. + properties: + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start + type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. 
+ type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. + type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query + type: object + required: + - datasetRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. 
+ type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: + description: Describes the table type. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. 
+ items: + type: string + type: array + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + resourceID: + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: Immutable. The name of the column family. + type: string + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." + type: string + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. 
GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableinstances.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableInstance + plural: bigtableinstances + shortNames: + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. 
If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. + type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. 
+ Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. + type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. + type: string + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com +spec: + group: billingbudgets.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets + shortNames: + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. 
The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string + type: object + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. 
If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The billing account of the resource + + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + budgetFilter: + description: Optional. 
Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. 
+ format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' + items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. + items: + properties: + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. 
Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' + format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. + properties: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. 
The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: + properties: + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. + type: string + comment: + description: Optional. A descriptive comment. This field + may be updated. + type: string + id: + description: The ID of this public key. 
Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. + type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object + type: object + type: array + required: + - noteRef + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time + type: string + userOwnedDrydockNote: + properties: + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies + shortNames: + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. + items: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-namespace admission rules. + K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. 
The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - defaultAdmissionRule + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudBuildTrigger + plural: cloudbuildtriggers + shortNames: + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. \nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. 
For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object + build: + description: Contents of the build template. Either a filename or + build template must be provided. + properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. 
+ properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. + properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array + required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' 
+ type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. 
+ + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. 
Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. 
+ type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. + + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. 
+ If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. 
Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. These are not docker + tags. + items: + type: string + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. + type: boolean + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. 
Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). \nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). 
This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." + type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + type: string + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". 
+ type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. 
+ type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." + properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. 
+ type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. + properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. 
+ + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. + type: string + type: object + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com +spec: + group: cloudfunctions.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions + shortNames: + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: + description: |- + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. + properties: + eventType: + description: |- + Immutable. Required. The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. 
+ + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. + type: string + required: + - eventType + - resourceRef + type: object + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. + properties: + securityLevel: + description: 'Immutable. Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' + type: string + type: object + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the function. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. 
+ type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. + type: string + required: + - url + type: object + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC + type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - region + - runtime + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. 
Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. + type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityGroup + plural: cloudidentitygroups + shortNames: + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + type: string + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. + properties: + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + type: string + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. + type: string + required: + - id + type: object + initialGroupConfig: + description: |- + Immutable. 
The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + type: string + labels: + additionalProperties: + type: string + description: |- + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - groupKey + - labels + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the Group was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityMembership + plural: cloudidentitymemberships + shortNames: + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group for the resource + + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. 
If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. + The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. 
+ format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array + required: + - groupRef + - preferredMemberKey + - roles + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available + properties: + familyName: + description: Output only. 
Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' + type: string + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com +spec: + group: cloudscheduler.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudSchedulerJob + plural: cloudschedulerjobs + shortNames: + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most 
recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineHttpTarget: + description: App Engine HTTP target. + properties: + appEngineRouting: + description: App Engine Routing setting for the job. + properties: + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. 
For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). + type: string + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. + type: string + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. + type: string + type: object + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. + In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. 
The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. 
+ * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' 
+ type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. + properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. 
+ properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. + type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. 
If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer + type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string + required: + - location + type: object + status: + properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. 
The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. (Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: 'Immutable. The type of address to reserve. Default value: + "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbuckets.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucket + plural: computebackendbuckets + shortNames: + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. 
+ Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. 
+ type: integer + type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: |- + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservices.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendService + plural: computebackendservices + shortNames: + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. 
+ type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. 
+ + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. + properties: + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. 
+ + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. 
+ items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer + type: object + type: array + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + type: integer + type: object + circuitBreakers: + description: |- + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + connectTimeout: + description: The timeout for new network connections to hosts. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. 
+ Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + connectionDrainingTimeoutSec: + description: |- + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: + description: |- + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. 
+ + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + type: string + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: string + type: object + consistentHash: + description: |- + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. 
This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer + type: object + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. 
+ type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. + properties: + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. 
If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number + type: object + healthChecks: + items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + iap: + description: Settings for enabling Cloud Identity Aware Proxy. + oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef + properties: + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. + type: string + oauth2ClientIdRef: + description: |- + Only `external` field is supported to configure the reference. + + OAuth2 Client ID for IAP. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - key + - name + type: object + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string + required: + - name + type: object + policy: + description: The configuration for a built-in load balancing + policy. + properties: + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + required: + - name + type: object + type: object + type: array + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. 
+ The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + + + If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, + session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. 
Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. 
The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. 
That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The security policy associated with this backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. 
+ properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' 
+ type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computedisks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDisk + plural: computedisks + shortNames: + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskEncryptionKey: + description: |- + Immutable. Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + rsaEncryptedKey: + description: "Immutable. 
Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + imageRef: + description: The image from which to initialize this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. 
Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. + + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. 
URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sourceDiskId: + description: |- + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. 
+ type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeexternalvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways + shortNames: + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. 
This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicy + plural: computefirewallpolicies + shortNames: + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + required: + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations + shortNames: + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The target that the firewall policy is attached to. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy ID of the association. 
+ + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + shortName: + description: The short name of the firewall policy of the association. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules + shortNames: + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. 
+ format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computefirewalls.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewall + plural: computefirewalls + shortNames: + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. 
+ type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. Only IPv4 is supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + type: string + disabled: + description: |- + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. 
When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + type: boolean + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. 
+ type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array + required: + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeforwardingrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeForwardingRule + plural: computeforwardingrules + shortNames: + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: + description: |- + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + ipAddress: + description: |- + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: + description: |- + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. 
Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. 
An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. 
+ oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string + selfLink: + description: '[Output Only] Server-defined URL for the resource.' 
+ type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHealthCheck + plural: computehealthchecks + shortNames: + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. + properties: + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + type: string + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
+ + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + type: object + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. 
Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. 
+ + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttphealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks + shortNames: + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. 
It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttpshealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks + shortNames: + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeImage + plural: computeimages + shortNames: + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. 
Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + licenses: + description: Immutable. Any applicable license URI. + items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: + description: |- + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: + description: |- + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: + description: |- + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceImageRef: + description: The source image used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + status: + properties: + archiveSizeBytes: + description: |- + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. 
This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. + items: + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). + The zone must exist in the region where the managed instance + group is located. + type: string + type: object + type: array + type: object + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
+ Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. + items: + properties: + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: + properties: + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. 
Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. + properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. 
+ This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' 
+ properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. 
You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). + items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. 
+ + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. + type: string + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. 
+ format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. + type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. 
If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' + format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' 
+ format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. 
A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' + properties: + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean + type: object + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be exactly 375GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. + Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. 
+ + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: 
The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines 
the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. 
\nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. \nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. 
Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. 
The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' + type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. 
+ type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. 
Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. 
MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. A subnetwork with purpose set to + INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is + reserved for Internal HTTP(S) Load Balancing. + + If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. Currently, this field is only used when + purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE + or BACKUP. An ACTIVE subnetwork is one that is currently being used + for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that + is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. 
The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. + type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. 
This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + items: + properties: + name: + description: |- + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + type: string + value: + description: |- + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. 
+ type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + prefixMatch: + description: |- + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + type: string + queryParameterMatches: + description: |- + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + items: + properties: + exactMatch: + description: |- + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + type: string + name: + description: |- + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + type: string + presentMatch: + description: |- + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + type: boolean + regexMatch: + description: |- + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. 
For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + type: string + required: + - name + type: object + type: array + regexMatch: + description: |- + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + type: string + type: object + type: array + priority: + description: |- + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + type: integer + routeAction: + description: |- + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. 
Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: |- + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. 
The value must be between 0.0 and + 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. 
+ type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable. + items: + type: string + type: array + required: + - numRetries + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. 
+ type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + type: string + urlRedirect: + description: |- + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. 
+ properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. 
Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + type: boolean + type: object + required: + - priority + type: object + type: array + required: + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + test: + description: |- + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + items: + properties: + description: + description: Description of this test case. + type: string + host: + description: Host portion of the URL. + type: string + path: + description: Path portion of the URL. + type: string + service: + description: |- + The backend service resource that should be matched by this test. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - host + - path + - service + type: object + type: array + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + mapId: + description: The unique identifier for the resource. 
+ type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNGateway + plural: computevpngateways + shortNames: + - gcpcomputevpngateway + - gcpcomputevpngateways + singular: computevpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpnInterfaces: + description: Immutable. A list of interfaces on this VPN gateway. + items: + properties: + id: + description: Immutable. The numeric ID of this VPN gateway interface. + type: integer + interconnectAttachmentRef: + description: |- + Immutable. 
When this value is present, the VPN Gateway will be used + for IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the specified + interconnect attachment resource. Not currently available publicly. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: The external IP address for this VPN gateway interface. + type: string + type: object + type: array + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpntunnels.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNTunnel + plural: computevpntunnels + shortNames: + - gcpcomputevpntunnel + - gcpcomputevpntunnels + singular: computevpntunnel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + ikeVersion: + description: |- + Immutable. IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + type: integer + localTrafficSelector: + description: |- + Immutable. Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + peerExternalGatewayInterface: + description: Immutable. The interface ID of the external VPN gateway + to which this VPN tunnel is connected. + type: integer + peerExternalGatewayRef: + description: |- + The peer side external VPN gateway to which this VPN tunnel + is connected. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerGCPGatewayRef: + description: |- + The peer side HA GCP VPN gateway to which this VPN tunnel is + connected. If provided, the VPN tunnel will automatically use the + same VPN gateway interface ID in the peer GCP VPN gateway. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerIp: + description: Immutable. IP address of the peer VPN gateway. Only IPv4 + is supported. + type: string + region: + description: Immutable. The region where the tunnel is located. If + unset, is set to the region of 'target_vpn_gateway'. + type: string + remoteTrafficSelector: + description: |- + Immutable. Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The router to be used for dynamic routing. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sharedSecret: + description: |- + Immutable. Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + targetVPNGatewayRef: + description: |- + The ComputeTargetVPNGateway with which this VPN tunnel is + associated. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnGatewayInterface: + description: Immutable. The interface ID of the VPN gateway with which + this VPN tunnel is associated. + type: integer + vpnGatewayRef: + description: |- + The ComputeVPNGateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - sharedSecret + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + detailedStatus: + description: Detailed status message for the VPN tunnel. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sharedSecretHash: + description: Hash of the shared secret. + type: string + tunnelId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com +spec: + group: configcontroller.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ConfigControllerInstance + plural: configcontrollerinstances + shortNames: + - gcpconfigcontrollerinstance + - gcpconfigcontrollerinstances + singular: configcontrollerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + managementConfig: + description: Immutable. Configuration of the cluster management + properties: + fullManagementConfig: + description: Immutable. Configuration of the full (Autopilot) + cluster management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. 
The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + type: object + standardManagementConfig: + description: Immutable. 
Configuration of the standard (GKE) cluster + management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. 
Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + required: + - masterIPv4CidrBlock + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + usePrivateEndpoint: + description: Immutable. Only allow access to the master's private + endpoint IP. + type: boolean + required: + - location + - managementConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gkeResourceLink: + description: Output only. KrmApiHost GCP self link used for identifying + the underlying endpoint (GKE cluster currently). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current state of the internal state + machine for the KrmApiHost. 
Possible values: STATE_UNSPECIFIED, + CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisNote + plural: containeranalysisnotes + shortNames: + - gcpcontaineranalysisnote + - gcpcontaineranalysisnotes + singular: containeranalysisnote + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: A note describing an attestation role. + properties: + hint: + description: Hint hints at the purpose of the attestation authority. + properties: + humanReadableName: + description: Required. The human readable name of this attestation + authority, for example "qa". + type: string + required: + - humanReadableName + type: object + type: object + build: + description: A note describing build provenance for a verifiable build. + properties: + builderVersion: + description: Required. Immutable. Version of the builder which + produced this build. + type: string + required: + - builderVersion + type: object + deployment: + description: A note describing something that can be deployed. + properties: + resourceUri: + description: Required. Resource URI for the artifact being deployed. + items: + type: string + type: array + required: + - resourceUri + type: object + discovery: + description: A note describing the initial analysis of a resource. + properties: + analysisKind: + description: 'The kind of analysis that is handled by this discovery. + Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, + IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + required: + - analysisKind + type: object + expirationTime: + description: Time of expiration for this note. Empty if note does + not expire. + format: date-time + type: string + image: + description: A note describing a base image. + properties: + fingerprint: + description: Required. Immutable. 
The fingerprint of the base + image. + properties: + v1Name: + description: Required. The layer ID of the final layer in + the Docker image's v1 representation. + type: string + v2Blob: + description: Required. The ordered list of v2 blobs that represent + a given image. + items: + type: string + type: array + required: + - v1Name + - v2Blob + type: object + resourceUrl: + description: Required. Immutable. The resource_url for the resource + representing the basis of associated occurrence images. + type: string + required: + - fingerprint + - resourceUrl + type: object + longDescription: + description: A detailed description of this note. + type: string + package: + description: Required for non-Windows OS. The package this Upgrade + is for. + properties: + distribution: + description: The various channels by which a package is distributed. + items: + properties: + architecture: + description: 'The CPU architecture for which packages in + this distribution channel were built Possible values: + ARCHITECTURE_UNSPECIFIED, X86, X64' + type: string + cpeUri: + description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) + denoting the package manager version distributing a package. + type: string + description: + description: The distribution channel-specific description + of this package. + type: string + latestVersion: + description: The latest available version of this package + in this distribution channel. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Distinguish between sentinel MIN/MAX versions + and normal versions. If kind is not NORMAL, then the + other fields are ignored. 
Possible values: VERSION_KIND_UNSPECIFIED, + NORMAL, MINIMUM, MAXIMUM' + type: string + name: + description: The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + maintainer: + description: A freeform string denoting the maintainer of + this package. + type: string + url: + description: The distribution channel-specific homepage + for this package. + type: string + required: + - cpeUri + type: object + type: array + name: + description: The name of the package. + type: string + required: + - name + type: object + relatedNoteNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + relatedUrl: + description: URLs associated with this note. + items: + properties: + label: + description: Label to describe usage of the URL + type: string + url: + description: Specific URL to associate with the note + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shortDescription: + description: A one sentence description of this note. 
+ type: string + vulnerability: + description: A note describing a package vulnerability. + properties: + cvssScore: + description: The CVSS score of this vulnerability. CVSS score + is on a scale of 0 - 10 where 0 indicates low severity and 10 + indicates high severity. + format: double + type: number + cvssV3: + description: The full description of the CVSSv3 for this vulnerability. + properties: + attackComplexity: + description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, + ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' + type: string + attackVector: + description: 'Base Metrics Represents the intrinsic characteristics + of a vulnerability that are constant over time and across + user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, + ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, + ATTACK_VECTOR_PHYSICAL' + type: string + availabilityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + baseScore: + description: The base score is a function of the base metric + scores. 
+ format: double + type: number + confidentialityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + exploitabilityScore: + format: double + type: number + impactScore: + format: double + type: number + integrityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + privilegesRequired: + description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, + PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' + type: string + scope: + description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, + SCOPE_CHANGED' + type: string + userInteraction: + description: ' Possible values: USER_INTERACTION_UNSPECIFIED, + USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' + type: string + type: object + details: + description: Details of all known distros and packages affected + by this vulnerability. + items: + properties: + affectedCpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + affectedPackage: + description: Required. The package this vulnerability affects. + type: string + affectedVersionEnd: + description: 'The version number at the end of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. 
Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + affectedVersionStart: + description: 'The version number at the start of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + description: + description: A vendor-specific description of this vulnerability. + type: string + fixedCpeUri: + description: The distro recommended (https://cpe.mitre.org/specification/) + to update to that contains a fix for this vulnerability. 
+ It is possible for this to be different from the affected_cpe_uri. + type: string + fixedPackage: + description: The distro recommended package to update to + that contains a fix for this vulnerability. It is possible + for this to be different from the affected_package. + type: string + fixedVersion: + description: The distro recommended version to update to + that contains a fix for this vulnerability. Setting this + to VersionKind.MAXIMUM means no such version is yet available. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + isObsolete: + description: Whether this detail is obsolete. Occurrences + are expected not to point to obsolete details. + type: boolean + packageType: + description: The type of package; whether native or non + native (e.g., ruby gems, node.js packages, etc.). + type: string + severityName: + description: The distro assigned severity of this vulnerability. + type: string + sourceUpdateTime: + description: The time this information was last changed + at the source. This is an upstream timestamp from the + underlying information source - e.g. Ubuntu security tracker. 
+ format: date-time + type: string + required: + - affectedCpeUri + - affectedPackage + type: object + type: array + severity: + description: 'The note provider assigned severity of this vulnerability. + Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, + HIGH, CRITICAL' + type: string + sourceUpdateTime: + description: The time this information was last changed at the + source. This is an upstream timestamp from the underlying information + source - e.g. Ubuntu security tracker. + format: date-time + type: string + windowsDetails: + description: Windows details get their own format because the + information format and model don't match a normal detail. Specifically + Windows updates are done as patches, thus Windows vulnerabilities + really are a missing package, rather than a package being at + an incorrect version. + items: + properties: + cpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + description: + description: The description of this vulnerability. + type: string + fixingKbs: + description: Required. The names of the KBs which have hotfixes + to mitigate this vulnerability. Note that there may be + multiple hotfixes (and thus multiple KBs) that mitigate + a given vulnerability. Currently any listed KBs presence + is considered a fix. + items: + properties: + name: + description: The KB name (generally of the form KB+ + (e.g., KB123456)). + type: string + url: + description: A link to the KB in the (https://www.catalog.update.microsoft.com/). + type: string + type: object + type: array + name: + description: Required. The name of this vulnerability. + type: string + required: + - cpeUri + - fixingKbs + - name + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerclusters.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerCluster + plural: containerclusters + shortNames: + - gcpcontainercluster + - gcpcontainerclusters + singular: containercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: The configuration for addons supported by GKE. + properties: + cloudrunConfig: + description: The status of the CloudRun addon. It is disabled + by default. Set disabled = false to enable. + properties: + disabled: + type: boolean + loadBalancerType: + type: string + required: + - disabled + type: object + configConnectorConfig: + description: The of the Config Connector addon. + properties: + enabled: + type: boolean + required: + - enabled + type: object + dnsCacheConfig: + description: The status of the NodeLocal DNSCache addon. It is + disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcePersistentDiskCsiDriverConfig: + description: Whether this cluster should enable the Google Compute + Engine Persistent Disk Container Storage Interface (CSI) Driver. + Defaults to enabled; set disabled = true to disable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcpFilestoreCsiDriverConfig: + description: The status of the Filestore CSI driver addon, which + allows the usage of filestore instance as volumes. Defaults + to disabled; set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gkeBackupAgentConfig: + description: The status of the Backup for GKE Agent addon. It + is disabled by default. Set enabled = true to enable. 
+ properties: + enabled: + type: boolean + required: + - enabled + type: object + horizontalPodAutoscaling: + description: The status of the Horizontal Pod Autoscaling addon, + which increases or decreases the number of replica pods a replication + controller has based on the resource usage of the existing pods. + It ensures that a Heapster pod is running in the cluster, which + is also used by the Cloud Monitoring service. It is enabled + by default; set disabled = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + httpLoadBalancing: + description: The status of the HTTP (L7) load balancing controller + addon, which makes it easy to set up HTTP load balancers for + services in a cluster. It is enabled by default; set disabled + = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + istioConfig: + description: The status of the Istio addon. + properties: + auth: + description: The authentication type between services in Istio. + Available options include AUTH_MUTUAL_TLS. + type: string + disabled: + description: The status of the Istio addon, which makes it + easy to set up Istio for services in a cluster. It is disabled + by default. Set disabled = false to enable. + type: boolean + required: + - disabled + type: object + kalmConfig: + description: Configuration for the KALM addon, which manages the + lifecycle of k8s. It is disabled by default; Set enabled = true + to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + networkPolicyConfig: + description: Whether we should enable the network policy addon + for the master. This must be enabled in order to enable network + policy for the nodes. To enable this, you must also define a + network_policy block, otherwise nothing will happen. It can + only be disabled if the nodes already do not have network policies + enabled. Defaults to disabled; set disabled = false to enable. 
+ properties: + disabled: + type: boolean + required: + - disabled + type: object + type: object + authenticatorGroupsConfig: + description: Configuration for the Google Groups for GKE feature. + properties: + securityGroup: + description: The name of the RBAC security group for use with + Google security groups in Kubernetes RBAC. Group name must be + in format gke-security-groups@yourdomain.com. + type: string + required: + - securityGroup + type: object + binaryAuthorization: + description: Configuration options for the Binary Authorization feature. + properties: + enabled: + description: DEPRECATED. Deprecated in favor of evaluation_mode. + Enable Binary Authorization for this cluster. + type: boolean + evaluationMode: + description: Mode of operation for Binary Authorization policy + evaluation. + type: string + type: object + clusterAutoscaling: + description: Per-cluster configuration of Node Auto-Provisioning with + Cluster Autoscaler to automatically adjust the size of the cluster + and create/delete node pools based on the current needs of the cluster's + workload. See the guide to using Node Auto-Provisioning for more + details. + properties: + autoProvisioningDefaults: + description: Contains defaults for a node pool created by NAP. + properties: + bootDiskKMSKeyRef: + description: |- + Immutable. The Customer Managed Encryption Key used to encrypt the + boot disk attached to each node in the node pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSize: + description: Size of the disk attached to each node, specified + in GB. The smallest allowed disk size is 10GB. + type: integer + imageType: + description: The default image type used by NAP once a new + node pool is being created. + type: string + management: + description: NodeManagement configuration for this NodePool. + properties: + autoRepair: + description: Specifies whether the node auto-repair is + enabled for the node pool. If enabled, the nodes in + this node pool will be monitored and, if they fail health + checks too many times, an automatic repair action will + be triggered. + type: boolean + autoUpgrade: + description: Specifies whether node auto-upgrade is enabled + for the node pool. If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the + latest release version of Kubernetes. + type: boolean + upgradeOptions: + description: Specifies the Auto Upgrade knobs for the + node pool. + items: + properties: + autoUpgradeStartTime: + description: This field is set when upgrades are + about to commence with the approximate start time + for the upgrades, in RFC3339 text format. + type: string + description: + description: This field is set when upgrades are + about to commence with the description of the + upgrade. + type: string + type: object + type: array + type: object + minCpuPlatform: + description: Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or newer + CPU platform. Applicable values are the friendly names of + CPU platforms, such as Intel Haswell. + type: string + oauthScopes: + description: Scopes that are used by NAP when creating node + pools. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Defines whether the instance has Secure Boot + enabled. + type: boolean + type: object + upgradeSettings: + description: Specifies the upgrade settings for NAP created + node pools. + properties: + blueGreenSettings: + description: Settings for blue-green upgrade strategy. + properties: + nodePoolSoakDuration: + description: "Time needed after draining entire blue + pool. After this period, blue pool will be cleaned + up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration + in seconds with up to nine fractional digits, ending + with 's'. Example: \"3.5s\"." + type: string + standardRolloutPolicy: + description: Standard policy for the blue-green upgrade. + properties: + batchNodeCount: + description: Number of blue nodes to drain in + a batch. + type: integer + batchPercentage: + description: Percentage of the bool pool nodes + to drain in a batch. The range of this field + should be (0.0, 1.0]. 
+ type: number + batchSoakDuration: + description: "Soak time after each batch gets + drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA + duration in seconds with up to nine fractional + digits, ending with 's'. Example: \"3.5s\"." + type: string + type: object + type: object + maxSurge: + description: The maximum number of nodes that can be created + beyond the current size of the node pool during the + upgrade process. + type: integer + maxUnavailable: + description: The maximum number of nodes that can be simultaneously + unavailable during the upgrade process. + type: integer + strategy: + description: Update strategy of the node pool. + type: string + type: object + type: object + autoscalingProfile: + description: Configuration options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler + should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED + or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string + enabled: + description: Whether node auto-provisioning is enabled. Resource + limits for cpu and memory must be defined to enable node auto-provisioning. + type: boolean + resourceLimits: + description: Global constraints for machine resources in the cluster. + Configuring the cpu and memory types is required if node auto-provisioning + is enabled. These limits will apply to node pool autoscaling + in addition to node auto-provisioning. + items: + properties: + maximum: + description: Maximum amount of the resource in the cluster. + type: integer + minimum: + description: Minimum amount of the resource in the cluster. + type: integer + resourceType: + description: The type of the resource. For example, cpu + and memory. See the guide to using Node Auto-Provisioning + for a list of types. + type: string + required: + - resourceType + type: object + type: array + type: object + clusterIpv4Cidr: + description: Immutable. 
The IP address range of the Kubernetes pods + in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank + to have one automatically chosen or specify a /14 block in 10.0.0.0/8. + This field will only work for routes-based clusters, where ip_allocation_policy + is not defined. + type: string + clusterTelemetry: + description: Telemetry integration for the cluster. + properties: + type: + description: Type of the integration. + type: string + required: + - type + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: This + configuration can''t be changed (or added/removed) after cluster + creation without deleting and recreating the entire cluster.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature is + enabled for all nodes in this cluster. + type: boolean + required: + - enabled + type: object + costManagementConfig: + description: Cost management configuration for the cluster. + properties: + enabled: + description: Whether to enable GKE cost allocation. When you enable + GKE cost allocation, the cluster name and namespace of your + GKE workloads appear in the labels field of the billing export + to BigQuery. Defaults to false. + type: boolean + required: + - enabled + type: object + databaseEncryption: + description: 'Application-layer Secrets Encryption settings. The object + format is {state = string, key_name = string}. Valid values of state + are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS + key.' + properties: + keyName: + description: The key to use to encrypt/decrypt secrets. + type: string + state: + description: ENCRYPTED or DECRYPTED. + type: string + required: + - state + type: object + datapathProvider: + description: Immutable. The desired datapath provider for this cluster. + By default, uses the IPTables-based kube-proxy implementation. 
+ type: string + defaultMaxPodsPerNode: + description: Immutable. The default maximum number of pods per node + in this cluster. This doesn't work on "routes-based" clusters, clusters + that don't have IP Aliasing enabled. + type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object + description: + description: Immutable. Description of the cluster. + type: string + dnsConfig: + description: Immutable. Configuration for Cloud DNS for Kubernetes + Engine. + properties: + clusterDns: + description: Which in-cluster DNS provider should be used. + type: string + clusterDnsDomain: + description: The suffix used for all cluster service records. + type: string + clusterDnsScope: + description: The scope of access to cluster DNS records. + type: string + type: object + enableAutopilot: + description: Immutable. Enable Autopilot for this cluster. + type: boolean + enableBinaryAuthorization: + description: DEPRECATED. Deprecated in favor of binary_authorization. + Enable Binary Authorization for this cluster. If enabled, all container + images will be validated by Google Binary Authorization. + type: boolean + enableIntranodeVisibility: + description: Whether Intra-node visibility is enabled for this cluster. + This makes same node pod to pod traffic visible for VPC network. + type: boolean + enableKubernetesAlpha: + description: Immutable. Whether to enable Kubernetes Alpha features + for this cluster. Note that when this option is enabled, the cluster + cannot be upgraded and will be automatically deleted after 30 days. 
+ type: boolean + enableL4IlbSubsetting: + description: Whether L4ILB Subsetting is enabled for this cluster. + type: boolean + enableLegacyAbac: + description: Whether the ABAC authorizer is enabled for this cluster. + When enabled, identities in the system, including service accounts, + nodes, and controllers, will have statically granted permissions + beyond those provided by the RBAC configuration or IAM. Defaults + to false. + type: boolean + enableShieldedNodes: + description: Enable Shielded Nodes features on all nodes in this cluster. + Defaults to true. + type: boolean + enableTpu: + description: Immutable. Whether to enable Cloud TPU resources in this + cluster. + type: boolean + gatewayApiConfig: + description: Configuration for GKE Gateway API controller. + properties: + channel: + description: The Gateway API release channel to use for Gateway + API. + type: string + required: + - channel + type: object + identityServiceConfig: + description: Configuration for Identity Service which allows customers + to use external identity providers with the K8S API. + properties: + enabled: + description: Whether to enable the Identity Service component. + type: boolean + type: object + initialNodeCount: + description: Immutable. The number of nodes to create in this cluster's + default node pool. In regional or multi-zonal clusters, this is + the number of nodes per zone. Must be set if node_pool is not set. + If you're using google_container_node_pool objects with no default + node pool, you'll need to set this to a value of at least 1, alongside + setting remove_default_node_pool to true. + type: integer + ipAllocationPolicy: + description: Immutable. Configuration of cluster IP allocation for + VPC-native clusters. Adding this block enables IP aliasing, making + the cluster VPC-native instead of routes-based. + properties: + clusterIpv4CidrBlock: + description: Immutable. The IP address range for the cluster pod + IPs. 
Set to blank to have a range chosen with the default size. + Set to /netmask (e.g. /14) to have a range chosen with a specific + netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the + RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) + to pick a specific range to use. + type: string + clusterSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for pod IP addresses. Alternatively, + cluster_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + servicesIpv4CidrBlock: + description: Immutable. The IP address range of the services IPs + in this cluster. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + servicesSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for service ClusterIPs. Alternatively, + services_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + type: object + location: + description: Immutable. The location (region or zone) in which the + cluster master will be created, as well as the default node location. + If you specify a zone (such as us-central1-a), the cluster will + be a zonal cluster with a single cluster master. If you specify + a region (such as us-west1), the cluster will be a regional cluster + with multiple masters spread across zones in the region, and with + default node locations in those zones as well. + type: string + loggingConfig: + description: Logging configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing logs. 
Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + required: + - enableComponents + type: object + loggingService: + description: The logging service that the cluster should write logs + to. Available options include logging.googleapis.com(Legacy Stackdriver), + logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine + Logging), and none. Defaults to logging.googleapis.com/kubernetes. + type: string + maintenancePolicy: + description: The maintenance policy to use for the cluster. + properties: + dailyMaintenanceWindow: + description: 'Time window specified for daily maintenance operations. + Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] + and MM : [00-59] GMT.' + properties: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. 
Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. + type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). 
+ type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. 
+ type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. 
+ items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. + type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. 
+ items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. + properties: + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. + type: string + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. + type: string + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. 
+ By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. + properties: + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. + * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string + required: + - channel + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. 
+ properties: + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. + properties: + datasetId: + description: The ID of a BigQuery Dataset. + type: string + required: + - datasetId + type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
+ properties: + enabled: + description: Enables vertical pod autoscaling. + type: boolean + required: + - enabled + type: object + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time 
for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. + type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. 
+ type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. 
+ type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. 
+ type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. 
+ properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. 
+ type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. 
+ type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: The workload metadata configuration for this node. 
+ properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer + nodeLocations: + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. + items: + type: string + type: array + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. + type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. 
+ properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. 
+ items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + taxonomyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - displayName + - taxonomyRef + type: object + status: + properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Taxonomy location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: + type: string + parameters: + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + required: + - containerSpecGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowjobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowJob + plural: dataflowjobs + shortNames: + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". + type: string + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. + type: string + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. More workers may improve processing speed at additional + cost. + type: integer + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string + required: + - tempGcsLocation + - templateGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + description: The unique ID of this job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: datafusioninstances.datafusion.cnrm.cloud.google.com +spec: + group: datafusion.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataFusionInstance + plural: datafusioninstances + shortNames: + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. + type: string + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. 
+ properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. 
Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. + type: string + required: + - location + - type + type: object + status: + properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string + state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies + shortNames: + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + basicAlgorithm: + properties: + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' + type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. + A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' 
+ format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. + properties: + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + type: object + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. 
+ properties: + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + required: + - maxInstances + type: object + required: + - basicAlgorithm + - location + - workerConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocclusters.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocCluster + plural: dataprocclusters + shortNames: + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. 
The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. 
+ type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. 
The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. 
If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. 
+ properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. 
Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. 
The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. 
The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource, usually a GCP + region. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The Google Cloud Platform project ID that the cluster belongs to. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. + properties: + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. 
+ properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. 
+ items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. 
[Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. 
+ items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. 
The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. + The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kubernetesClusterConfig + type: object + required: + - location + type: object + status: + properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). 
+ Dataproc generates this value when it creates the cluster. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. 
+ type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. 
This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. 
It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. 
Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates + shortNames: + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. 
HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. 
+ type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains Hive queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' 
+ type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. 
Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: + type: string + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. + properties: + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. See the Presto documentation + for supported output formats + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + type: object + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
+ properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: + type: string + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. 
HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. 
+ properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. 
The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. 
+ type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize 
maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: + type: string + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. 
+ type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. + type: string + required: + - clusterLabels + type: object + managedCluster: + description: Immutable. A cluster that is managed by the workflow. + properties: + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. 
This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. 
+ properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. + You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. 
See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. 
If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. 
The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object + required: + - clusterName + - config + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - jobs + - location + - placement + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time template was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. 
The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. 
+ type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPDeidentifyTemplate + plural: dlpdeidentifytemplates + shortNames: + - gcpdlpdeidentifytemplate + - gcpdlpdeidentifytemplates + singular: dlpdeidentifytemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + deidentifyConfig: + description: The core content of the template. + properties: + infoTypeTransformations: + description: Treat the dataset as free-form text and apply the + same free text transformation everywhere. + properties: + transformations: + description: Required. Transformation for each infoType. Cannot + specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation to. + An empty list will cause this transformation to apply + to all findings that correspond to infoTypes that + were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation to apply + to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. 
+ type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. 
In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. 
+ The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + recordTransformations: + description: Treat the dataset as structured. Transformations + can be applied to specific locations within structured datasets, + such as transforming a column within a table. + properties: + fieldTransformations: + description: Transform the record by applying various field + transformations. + items: + properties: + condition: + description: 'Only apply the transformation if the condition + evaluates to true for the given `RecordCondition`. + The conditions are allowed to reference fields that + are not used in the actual transformation. Example + Use Cases: - Apply a different bucket transformation + to an age column if the zip code column for the same + record is within a specific range. - Redact a field + if the date of birth field is greater than 85.' + properties: + expressions: + description: An expression. 
+ properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + fields: + description: Required. Input field(s) to apply the transformation + to. When you have columns that reference their position + within a list, omit the index from the FieldId. FieldId + name matching ignores the index. For example, instead + of "contact.nums[0].type", use "contact.nums.type". + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + infoTypeTransformations: + description: Treat the contents of the field as free + text, and selectively transform content that matches + an `InfoType`. + properties: + transformations: + description: Required. Transformation for each infoType. + Cannot specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation + to. An empty list will cause this transformation + to apply to all findings that correspond + to infoTypes that were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. 
When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation + to apply to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges + must be non-overlapping. + items: + properties: + max: + description: Upper bound of + the range, exclusive; type + must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. 
+ Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of + the range, inclusive. Type + should be the same as max + if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement + value for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. 
Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, + items in this list will be skipped + when replacing characters. For example, + if the input string is `555-555-5555` + and you instruct Cloud DLP to skip + `-` and mask 5 characters with `*`, + Cloud DLP returns `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not + transform when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters + to not transform when masking. + Useful to avoid removing punctuation. + Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, + ALPHA_LOWER_CASE, PUNCTUATION, + WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask + the sensitive values—for example, + `*` for an alphabetic string such + as a name, or `0` for a numeric + string such as ZIP code or credit + card number. This string must have + a length of 1. If not supplied, + this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters + to mask. If not set, all matching + chars will be masked. Skipped characters + do not count towards this tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse + order. For example, if `masking_character` + is `0`, `number_to_mask` is `14`, + and `reverse_order` is `false`, + then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
+ If `masking_character` is `*`, `number_to_mask` + is `3`, and `reverse_order` is `true`, + then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. 
+ properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift + in days. 
Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. 
Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. 
Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. 
Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. 
Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. 
The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. 
+ The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. 
+ type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. 
+ properties: + dictionary: + description: Dictionary which defines the rule. + properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. + properties: + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. 
Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. 
+ Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. 
If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. 
+ items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. 
Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. 
+ Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. 
+ format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. 
If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. 
When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. 
+ properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name + for this InfoType. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. 
+ Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. 
Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. + format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. + properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. 
If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: + properties: + name: + description: Name describing the field. 
+ type: string + type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. + If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. + type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' 
+ type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. + [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. 
+ properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. + properties: + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl + type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. 
+ type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: eventarctriggers.eventarc.cnrm.cloud.google.com +spec: + group: eventarc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EventarcTrigger + plural: eventarctriggers + shortNames: + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. 
Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. 
+ type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. + + Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. 
+ format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: + properties: + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. 
Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string + type: object + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
+ items: + type: string + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. 
+ format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. 
Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships + shortNames: + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configmanagement: + description: Config Management-specific spec. + properties: + binauthz: + description: Binauthz configuration for the cluster. + properties: + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean + type: object + configSync: + description: Config Sync configuration for the cluster. + properties: + git: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. 
+ type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. 
+ type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string + type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string + type: object + hierarchyController: + description: Hierarchy Controller configuration for the cluster. + properties: + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean + type: object + policyController: + description: Policy Controller configuration for the cluster. + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + type: string + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. 
For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean + type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string + type: object + featureRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mesh: + description: Manage Mesh Features + properties: + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - featureRef + - location + - membershipRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeatures.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeature + plural: gkehubfeatures + shortNames: + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. + properties: + multiclusteringress: + description: Multicluster Ingress-specific spec. + properties: + configMembershipRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. 
Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - configMembershipRef + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubmemberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubMembership + plural: gkehubmemberships + shortNames: + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + properties: + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. + `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string + type: object + description: + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' + type: string + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. 
This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. 
+ format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. 
+ type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' 
+ type: string + required: + - auditLogConfigs + - resourceRef + - service + type: object + status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + properties: + conditions: + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMCustomRole + plural: iamcustomroles + shortNames: + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description for the role. + type: string + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string + required: + - permissions + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampartialpolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPartialPolicy + plural: iampartialpolicies + shortNames: + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy + properties: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + oneOf: + - required: + - member + - required: + - memberFrom + properties: + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy + properties: + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicy + plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicySpec defines the desired state of IAMPolicy + properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPolicyStatus defines the observed state of IAMPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicymembers.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicyMember + plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicyMember is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom + properties: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - resourceRef + - role + type: object + status: + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys + shortNames: + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + type: string + privateKeyType: + description: Immutable. + type: string + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. + type: string + publicKeyType: + description: Immutable. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Immutable. The name used for this key pair. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccount + plural: iamserviceaccounts + shortNames: + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. + type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. 
+ type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + 
name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. 
Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. 
You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' 
+ type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - attributeMapping + - location + - workforcePoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. 
The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePool + plural: iamworkforcepools + shortNames: + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). + type: string + required: + - location + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders + shortNames: + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. 
+ * `google.groups`: Groups the external identity belongs to. You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. 
If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - workloadIdentityPoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools + shortNames: + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the pool. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A display name for the pool. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapbrands.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPBrand + plural: iapbrands + shortNames: + - gcpiapbrand + - gcpiapbrands + singular: iapbrand + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationTitle: + description: Immutable. Application name displayed on OAuth consent + screen. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients + shortNames: + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + brandRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: Immutable. Human-friendly name given to the OAuth client. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - brandRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: Output only. Client secret of the OAuth client. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformConfig + plural: identityplatformconfigs + shortNames: + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: + type: string + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object + type: object + client: + description: Options related to how clients making requests on behalf + of a project should be configured. + properties: + permissions: + description: Configuration related to restricting a user's ability + to affect their account. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + monitoring: + description: Configuration related to monitoring project activity. + properties: + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. 
+ type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. + type: string + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + quota: + description: Configuration related to quotas. + properties: + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. 
+ properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + client: + properties: + apiKey: + description: Output only. API key that can be used when making + requests for this project. + type: string + firebaseSubdomain: + description: Output only. Firebase subdomain. 
+ type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. 
+ type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' + type: string + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. 
Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. 
Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs + shortNames: + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantOAuthIDPConfig + plural: identityplatformtenantoauthidpconfigs + shortNames: + - gcpidentityplatformtenantoauthidpconfig + - gcpidentityplatformtenantoauthidpconfigs + singular: identityplatformtenantoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + tenantRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The tenant for the resource + + Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tenantRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenants.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenant + plural: identityplatformtenants + shortNames: + - gcpidentityplatformtenant + - gcpidentityplatformtenants + singular: identityplatformtenant + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowPasswordSignup: + description: Whether to allow email/password user authentication. + type: boolean + disableAuth: + description: Whether authentication is disabled for the tenant. If + true, the users under the disabled tenant are not allowed to sign-in. + Admins of the disabled tenant are not able to manage its users. + type: boolean + displayName: + description: Display name of the tenant. + type: string + enableAnonymousUser: + description: Whether to enable anonymous user authentication. + type: boolean + enableEmailLinkSignin: + description: Whether to enable email link user authentication. + type: boolean + mfaConfig: + description: The tenant-level configuration of MFA options. + properties: + enabledProviders: + description: A list of usable second factors for this project. + items: + type: string + type: array + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testPhoneNumbers: + additionalProperties: + type: string + description: A map of pairs that can + be used for MFA. 
The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) + and a maximum of 10 pairs can be added (error will be thrown once + exceeded). + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeys.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKey + plural: kmscryptokeys + shortNames: + - gcpkmscryptokey + - gcpkmscryptokeys + singular: kmscryptokey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. 
+ The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogbuckets.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogBucket + plural: logginglogbuckets + shortNames: + - gcplogginglogbucket + - gcplogginglogbuckets + singular: logginglogbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this bucket. + type: string + folderRef: + description: Immutable. 
The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + locked: + description: Whether the bucket has been locked. The retention period + on a locked bucket may not be changed. Locked buckets may only be + deleted if they are empty. + type: boolean + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionDays: + description: Logs will be retained by default for this amount of time, + after which they will automatically be deleted. The minimum retention + period is 1 day. If this value is set to zero at bucket creation + time, the default time of 30 days will be used. + format: int64 + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the bucket. This + is not set for any of the default buckets. + format: date-time + type: string + lifecycleState: + description: 'Output only. The bucket lifecycle state. Possible values: + LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the bucket. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogexclusions.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogExclusion + plural: logginglogexclusions + shortNames: + - gcplogginglogexclusion + - gcplogginglogexclusions + singular: logginglogexclusion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - projectRef + - required: + - folderRef + - required: + - organizationRef + - required: + - billingAccountRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A description of this exclusion. + type: string + disabled: + description: Optional. If set to True, then this exclusion is disabled + and it does not exclude any log entries. You can update an exclusion + to change the value of this field. + type: boolean + filter: + description: 'Required. 
An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), + you can exclude less than 100% of the matching log entries. For + example, the following query matches 99% of low-severity log entries + from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the exclusion. 
+ This field may not be present for older exclusions. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the exclusion. + This field may not be present for older exclusions. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogmetrics.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogMetric + plural: logginglogmetrics + shortNames: + - gcplogginglogmetric + - gcplogginglogmetrics + singular: logginglogmetric + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketOptions: + description: Optional. The `bucket_options` are required when the + logs-based metric is using a DISTRIBUTION value type and it describes + the bucket boundaries used to create a histogram of the extracted + values. + properties: + explicitBuckets: + description: The explicit buckets. + properties: + bounds: + description: The values must be monotonically increasing. + items: + format: double + type: number + type: array + type: object + exponentialBuckets: + description: The exponential buckets. + properties: + growthFactor: + description: Must be greater than 1. + format: double + type: number + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + scale: + description: Must be greater than 0. + format: double + type: number + type: object + linearBuckets: + description: The linear bucket. + properties: + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + offset: + description: Lower bound of the first bucket. + format: double + type: number + width: + description: Must be greater than 0. 
+ format: double + type: number + type: object + type: object + description: + description: Optional. A description of this metric, which is used + in documentation. The maximum length of the description is 8000 + characters. + type: string + disabled: + description: Optional. If set to True, then this metric is disabled + and it does not generate any points. + type: boolean + filter: + description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) + which is used to match log entries. Example: "resource.type=gae_app + AND severity>=ERROR" The maximum length of the filter is 20000 characters.' + type: string + labelExtractors: + additionalProperties: + type: string + description: Optional. A map from a label key string to an extractor + expression which is used to extract data from a log entry field + and assign as the label value. Each label key specified in the LabelDescriptor + must have an associated extractor expression in this map. The syntax + of the extractor expression is the same as for the `value_extractor` + field. The extracted value is converted to the type defined in the + label descriptor. If the either the extraction or the type conversion + fails, the label will have a default value. The default value for + a string label is an empty string, for an integer label its 0, and + for a boolean label its `false`. Note that there are upper bounds + on the maximum number of labels and the number of active time series + that are allowed in a project. + type: object + metricDescriptor: + description: Optional. The metric descriptor associated with the logs-based + metric. If unspecified, it uses a default metric descriptor with + a DELTA metric kind, INT64 value type, with no labels and a unit + of "1". Such a metric counts the number of log entries matching + the `filter` expression. 
The `name`, `type`, and `description` fields + in the `metric_descriptor` are output only, and is constructed using + the `name` and `description` field in the LogMetric. To create a + logs-based metric that records a distribution of log values, a DELTA + metric kind with a DISTRIBUTION value type must be used along with + a `value_extractor` expression in the LogMetric. Each label in the + metric descriptor must have a matching label name as the key and + an extractor expression as the value in the `label_extractors` map. + The `metric_kind` and `value_type` fields in the `metric_descriptor` + cannot be updated once initially configured. New labels can be added + in the `metric_descriptor`, but existing labels cannot be modified + except for their description. + properties: + displayName: + description: A concise name for the metric, which can be displayed + in user interfaces. Use sentence case without an ending period, + for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: The set of labels that can be used to describe a + specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just + for responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for + the label. + type: string + key: + description: Immutable. The label key. + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64, DOUBLE, + DISTRIBUTION, MONEY' + type: string + type: object + type: array + launchStage: + description: 'Optional. The launch stage of the metric definition. 
+ Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, + BETA, GA, DEPRECATED' + type: string + metadata: + description: Optional. Metadata which can be used to guide usage + of the metric. + properties: + ingestDelay: + description: The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + samplePeriod: + description: The sampling period of metric data points. For + metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data + loss due to errors. Metrics with a higher granularity have + a smaller sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: GAUGE, + DELTA, CUMULATIVE' + type: string + unit: + description: 'The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of + the stored metric values. Different systems might scale the + values to be more easily displayed (so a value of `0.02kBy` + _might_ be displayed as `20By`, and a value of `3523kBy` _might_ + be displayed as `3.5MBy`). However, if the `unit` is `kBy`, + then the value of the metric is always in thousands of bytes, + no matter how it might be displayed. If you want a custom metric + to record the exact number of CPU-seconds used by a job, you + can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` + (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 + CPU-seconds, then the value is written as `12005`. 
Alternatively, + if you want a custom metric to record data in a more granular + way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` + is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), + or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: + **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second + * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes + (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) + * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` + zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` + micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto + (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto + (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) + * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar + also includes these connectors: * `/` division or ratio (as + an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` + (although you should almost never have `/s` in a metric `unit`; + rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. + The grammar for a unit is as follows: Expression = Component: + { "." Component } { "/" Component } ; Component = ( [ PREFIX + ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation + = "{" NAME "}" ; Notes: * `Annotation` is just a comment if + it follows a `UNIT`. If the annotation is used alone, then the + unit is equivalent to `1`. For examples, `{request}/s == 1/s`, + `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank + printable ASCII characters not containing `{` or `}`. 
* `1` + represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) + of 1, such as in `1/s`. It is typically used when none of the + basic units are appropriate. For example, "new users per day" + can be represented as `1/d` or `{new-users}/d` (and a metric + value `5` would mean "5 new users). Alternatively, "thousands + of page views per day" would be represented as `1000/d` or `k1/d` + or `k{page_views}/d` (and a metric value of `5.3` would mean + "5300 page views per day"). * `%` represents dimensionless value + of 1/100, and annotates values giving a percentage (so the metric + values are typically in the range of 0..100, and a metric value + `3` means "3 percent"). * `10^2.%` indicates a metric contains + a ratio, typically in the range 0..1, that will be multiplied + by 100 and displayed as a percentage (so a metric value `0.03` + means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, + a floating-point number, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: STRING, + BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the project in which to create the metric. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueExtractor: + description: 'Optional. A `value_extractor` is required when using + a distribution logs-based metric to extract the values to record + from a log entry. Two functions are supported for value extraction: + `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument + are: 1. field: The name of the log entry field from which the value + is to be extracted. 2. regex: A regular expression using the Google + RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single + capture group to extract data from the specified log entry field. + The value of the field is converted to a string before applying + the regex. It is an error to specify a regex that does not include + exactly one capture group. The result of the extraction must be + convertible to a double type, as the distribution always records + double values. If either the extraction or the conversion to double + fails, then those values are not recorded in the distribution. Example: + `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' + type: string + required: + - filter + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the metric. This + field may not be present for older metrics. + format: date-time + type: string + metricDescriptor: + properties: + description: + description: A detailed description of the metric, which can be + used in documentation. + type: string + monitoredResourceTypes: + description: Read-only. If present, then a time series, which + is identified partially by a metric type and a MonitoredResourceDescriptor, + that is associated with this metric type can only be associated + with one of the monitored resource types listed here. + items: + type: string + type: array + name: + description: The resource name of the metric descriptor. + type: string + type: + description: 'The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For + example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the metric. + This field may not be present for older metrics. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used + instead. In both cases, tables are sharded based on UTC timezone. + type: boolean + required: + - usePartitionedTables + type: object + description: + description: A description of this sink. The maximum length of the + description is 8000 characters. + type: string + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - loggingLogBucketRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, + where {{value}} is the `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + loggingLogBucketRef: + description: Only `external` field is supported to configure the + reference. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, + where {{value}} is the `name` field of a `LoggingLogBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, + where {{value}} is the `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + disabled: + description: If set to True, then this sink is disabled and it does + not export any log entries. + type: boolean + exclusions: + description: Log entries that match any of the exclusion filters will + not be exported. If a log entry is matched by both filter and one + of exclusion's filters, it will not be exported. + items: + properties: + description: + description: A description of this exclusion. + type: string + disabled: + description: If set to True, then this exclusion is disabled + and it does not exclude any log entries. + type: boolean + filter: + description: An advanced logs filter that matches the log entries + to be excluded. By using the sample function, you can exclude + less than 100% of the matching log entries. + type: string + name: + description: A client-assigned identifier, such as "load-balancer-exclusion". + Identifiers are limited to 100 characters and can include + only letters, digits, underscores, hyphens, and periods. First + character has to be alphanumeric. + type: string + required: + - filter + - name + type: object + type: array + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Immutable. Whether or not to include children organizations + in the sink export. If true, logs associated with child projects + are also exported; otherwise only logs relating to the provided + organization are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + uniqueWriterIdentity: + description: Immutable. Whether or not to create a unique identity + associated with this sink. If false (the default), then the writer_identity + used is serviceAccount:cloud-logs@system.gserviceaccount.com. If + true, then a unique service account is created and used for this + sink. If you wish to publish logs across projects, you must set + unique_writer_identity to true. + type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + writerIdentity: + description: The identity associated with this sink. This identity + must be granted write access to the configured destination. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogviews.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogView + plural: logginglogviews + shortNames: + - gcplogginglogview + - gcplogginglogviews + singular: logginglogview + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + bucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The bucket of the resource + + Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this view. + type: string + filter: + description: 'Filter that restricts which log entries in a bucket + are visible in this view. Filters are restricted to be a logical + AND of ==/!= of any of the following: - originating project/folder/organization/billing + account. - resource type - log id For example: SOURCE("projects/myproject") + AND resource.type = "gce_instance" AND LOG_ID("stdout")' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the view. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the view. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: memcacheinstances.memcache.cnrm.cloud.google.com +spec: + group: memcache.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemcacheInstance + plural: memcacheinstances + shortNames: + - gcpmemcacheinstance + - gcpmemcacheinstances + singular: memcacheinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the instance. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. 
Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - duration + - startTime + type: object + type: array + required: + - weeklyMaintenanceWindow + type: object + memcacheParameters: + description: Immutable. User-specified parameters for this memcache + instance. + properties: + id: + description: This is a unique ID associated with this set of parameters. + type: string + params: + additionalProperties: + type: string + description: User-defined set of parameters to use in the memcache + process. + type: object + type: object + memcacheVersion: + description: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. + type: string + networkRef: + description: The full name of the network to connect the instance + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeConfig: + description: Immutable. Configuration for memcache nodes. + properties: + cpuCount: + description: Number of CPUs per node. + type: integer + memorySizeMb: + description: Memory size in Mebibytes for each memcache node. + type: integer + required: + - cpuCount + - memorySizeMb + type: object + nodeCount: + description: Number of nodes in the memcache instance. + type: integer + region: + description: Immutable. The region of the Memcache instance. If it + is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zones: + description: |- + Immutable. Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + items: + type: string + type: array + required: + - nodeConfig + - nodeCount + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + discoveryEndpoint: + description: Endpoint for Discovery API. + type: string + maintenanceSchedule: + description: Output only. Published maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memcacheFullVersion: + description: The full version of memcached server running on this + instance. + type: string + memcacheNodes: + description: Additional information about the instance state, if available. + items: + properties: + host: + description: Hostname or IP address of the Memcached node used + by the clients to connect to the Memcached server on this + node. + type: string + nodeId: + description: Identifier of the Memcached node. The node id does + not include project or location like the Memcached instance + name. + type: string + port: + description: The port number of the Memcached server on this + node. + type: integer + state: + description: Current state of the Memcached node. + type: string + zone: + description: Location (GCP Zone) for the Memcached node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringAlertPolicy + plural: monitoringalertpolicies + shortNames: + - gcpmonitoringalertpolicy + - gcpmonitoringalertpolicies + singular: monitoringalertpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alertStrategy: + description: Control over how this alert policy's notification channels + are notified. + properties: + autoClose: + description: If an alert policy that was active has no data for + this long, any open incidents will close. + type: string + notificationRateLimit: + description: |- + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + period: + description: Not more than one notification per period. + type: string + type: object + type: object + combiner: + description: |- + How to combine the results of multiple conditions to + determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. + type: string + conditions: + description: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + items: + properties: + conditionAbsent: + description: |- + A condition that checks that a time series + continues to receive new data points. 
+ properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. 
+ The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + duration: + description: |- + The amount of time that a time series must + fail to report new data to be considered + failing. 
Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + type: object + conditionMatchedLog: + description: |- + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. + properties: + filter: + description: A logs-based filter. + type: string + labelExtractors: + additionalProperties: + type: string + description: |- + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. 
+ Label keys and corresponding values can be used in notifications + generated by this condition. + type: object + required: + - filter + type: object + conditionMonitoringQueryLanguage: + description: A Monitoring Query Language query that outputs + a boolean stream. + properties: + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + query: + description: Monitoring Query Language query that outputs + a boolean stream. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. 
+ type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + - query + type: object + conditionThreshold: + description: |- + A condition that compares a time series against a + threshold. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + comparison: + description: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. + type: string + denominatorAggregations: + description: |- + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. 
If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. 
If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + denominatorFilter: + description: |- + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. 
+ type: string + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + thresholdValue: + description: |- + A value against which to compare the time + series. + type: number + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. 
If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - comparison + - duration + type: object + displayName: + description: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + type: string + name: + description: |- + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + type: string + required: + - displayName + type: object + type: array + displayName: + description: |- + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + type: string + documentation: + description: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. 
+ properties: + content: + description: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. + type: string + mimeType: + description: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + type: string + type: object + enabled: + description: Whether or not the policy is enabled. The default is + true. + type: boolean + notificationChannels: + items: + description: Identifies the notification channels to which notifications + should be sent when incidents are opened or closed or when new + violations occur on an already opened incident. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - combiner + - conditions + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationRecord: + description: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + items: + properties: + mutateTime: + description: When the change occurred. + type: string + mutatedBy: + description: The email address of the user making the change. + type: string + type: object + type: array + name: + description: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringdashboards.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringDashboard + plural: monitoringdashboards + shortNames: + - gcpmonitoringdashboard + - gcpmonitoringdashboards + singular: monitoringdashboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnLayout: + description: The content is divided into equally spaced columns and + the widgets are arranged vertically. + properties: + columns: + description: The columns of content to display. + items: + properties: + weight: + description: The relative weight of this column. The column + weight is used to adjust the width of columns on the screen + (relative to peers). Greater the weight, greater the width + of the column on the screen. If omitted, a value of 1 + is used while rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged vertically in + this column. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + displayName: + description: Required. The mutable, human-readable name. + type: string + gridLayout: + description: Content is arranged with a basic layout that re-flows + a simple list of informational elements like widgets or tiles. + properties: + columns: + description: The number of columns into which the view's width + is divided. If omitted or set to zero, a system default will + be used while rendering. + format: int64 + type: integer + widgets: + description: The informational elements that are arranged into + the columns row-first. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. 
+ properties: + gaugeView: + description: Will cause the scorecard to show a gauge + chart. + properties: + lowerBound: + description: The lower bound for this gauge chart. + The value of the chart should always be greater + than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge chart. + The value of the chart should always be less than + or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a spark + chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the minimum + alignment period to use in a time series query. + For example, if the data is published once every + 10 minutes it would not make sense to fetch and + align data at one minute intervals. This field + is optional and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart to + show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, + SPARK_LINE, SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the state + of the scorecard given the time series'' current value. + For an actual value x, the scorecard is in a danger + state if x is less than or equal to a danger threshold + that triggers below, or greater than or equal to a + danger threshold that triggers above. Similarly, if + x is above/below a warning threshold that triggers + above/below, then the scorecard is in a warning state + - unless x also puts it in a danger state. (Danger + trumps warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: 90, category: + ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: + ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: + ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: + ''WARNING'', trigger: ''BELOW'', } Then: values + less than or equal to 10 would put the scorecard in + a DANGER state, values greater than 10 but less than + or equal to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or equal + to 70 but less than 90 a WARNING state, and values + greater than or equal to 90 a DANGER state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time series + data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views of + the data. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. 
The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. 
+ It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. 
The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. 
The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. 
+ The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. 
If non-empty, this unit will override + any unit that accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. Possible + values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: MODE_UNSPECIFIED, + COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this chart. + items: + properties: + legendTemplate: + description: 'A template string for naming `TimeSeries` + in the resulting data set. This should be a + string with interpolations of the form `${label_name}`, + which will resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set, implemented + by specifying the minimum alignment period to + use in a time series query For example, if the + data is published once every 10 minutes, the + `min_alignment_period` should be at least 10 + minutes. It would not make sense to fetch and + align data at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. 
Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. 
If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. 
If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. 
It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. 
Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally across + the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. 
+ format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows values + from two similar-length time periods (e.g., week-over-week + metrics). The duration must be positive, and it can + only be applied to charts with data sets of LINE plot + type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + mosaicLayout: + description: The content is arranged as a grid of tiles, with each + content widget occupying one or more tiles. + properties: + columns: + description: The number of columns in the mosaic grid. + format: int64 + type: integer + tiles: + description: The tiles to display. + items: + properties: + height: + description: The height of the tile, measured in grid squares. + format: int64 + type: integer + widget: + description: The informational widget contained in the tile. + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. 
+ type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show a + gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a + spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the + minimum alignment period to use in a time + series query. For example, if the data is + published once every 10 minutes it would not + make sense to fetch and align data at one + minute intervals. This field is optional and + exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. 
Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the + state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold that + triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. 
+ format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. 
+ If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. 
If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. 
It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. 
Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will + override any unit that accompanies fetched + data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. 
Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set, + implemented by specifying the minimum alignment + period to use in a time series query For + example, if the data is published once every + 10 minutes, the `min_alignment_period` should + be at least 10 minutes. It would not make + sense to fetch and align data at one minute + intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver metrics + API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. 
If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. 
Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. 
Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods (e.g., + week-over-week metrics). The duration must be + positive, and it can only be applied to charts + with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. 
+ properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + width: + description: The width of the tile, measured in grid squares. + format: int64 + type: integer + xPos: + description: The zero-indexed position of the tile in grid + squares relative to the left edge of the grid. + format: int64 + type: integer + yPos: + description: The zero-indexed position of the tile in grid + squares relative to the top edge of the grid. + format: int64 + type: integer + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rowLayout: + description: The content is divided into equally spaced rows and the + widgets are arranged horizontally. + properties: + rows: + description: The rows of content to display. + items: + properties: + weight: + description: The relative weight of this row. The row weight + is used to adjust the height of rows on the screen (relative + to peers). Greater the weight, greater the height of the + row on the screen. If omitted, a value of 1 is used while + rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged horizontally in + this row. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. 
The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. * + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. 
The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. + Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
+ The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. * `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). 
Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. 
The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. + type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. + On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' 
+ items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. 
+ format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. + Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' 
+ properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. 
+ properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' 
+ properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + type: object + type: object + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. 
+ properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. + type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - goal + - projectRef + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. 
+ type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservices.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringService + plural: monitoringservices + shortNames: + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Name used for UI elements listing this Service. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs + shortNames: + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. + items: + properties: + content: + type: string + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' + type: string + required: + - content + type: object + type: array + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. 
+ type: string + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. + properties: + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' + type: string + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' + type: string + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. 
If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. + type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. 
If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. + type: string + required: + - filterLabels + - type + type: object + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for this uptime check config. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. 
+ format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. + type: string + required: + - displayName + - projectRef + - timeout + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivityHub + plural: networkconnectivityhubs + shortNames: + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the hub. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the hub was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes + shortNames: + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the spoke. + type: string + hubRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. + + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. 
+ items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. 
+ type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - hubRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the spoke was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. 
+ type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies + shortNames: + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Optional. List of rules to match. 
If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. + For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. 
List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array + required: + - action + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies + shortNames: + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + sni: + description: 'Optional. 
Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies + shortNames: + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. 
+ Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. 
+ properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEndpointPolicy + plural: networkservicesendpointpolicies + shortNames: + - gcpnetworkservicesendpointpolicy + - gcpnetworkservicesendpointpolicies + singular: networkservicesendpointpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizationPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + clientTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. 
This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + endpointMatcher: + description: Required. A matcher that selects endpoints to which the + policies should be applied. + properties: + metadataLabelMatcher: + description: The matcher is based on node metadata presented by + xDS clients. + properties: + metadataLabelMatchCriteria: + description: 'Specifies how matching should be done. Supported + values are: MATCH_ANY: At least one of the Labels specified + in the matcher should match the metadata presented by xDS + client. MATCH_ALL: The metadata presented by the xDS client + should contain all of the labels specified here. The selection + is determined based on the best match. For example, suppose + there are three EndpointPolicy resources P1, P2 and P3 and + if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL + , and P3 has MATCH_ALL . If a client with label connects, + the config from P1 will be selected. If a client with label + connects, the config from P2 will be selected. If a client + with label connects, the config from P3 will be selected. 
+ If there is more than one best match, (for example, if a + config P4 with selector exists and if a client with label + connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + metadataLabels: + description: The list of label value pairs that must match + labels in the provided metadata based on filterMatchCriteria + This list can have at most 64 entries. The list can be empty + if the match criteria is MATCH_ANY, to specify a wildcard + match (i.e this matches any client). + items: + properties: + labelName: + description: Required. Label name presented as key in + xDS Node Metadata. + type: string + labelValue: + description: Required. Label value presented as value + corresponding to the above key, in xDS Node Metadata. + type: string + required: + - labelName + - labelValue + type: object + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + trafficPortSelector: + description: Optional. Port selector for the (matched) endpoints. + If no port selector is provided, the matched config is applied to + all ports. + properties: + ports: + description: Optional. A list of ports. Can be port numbers or + port range (example, specifies all ports from 80 to 90, including + 80 and 90) or named ports or * to specify all ports. If the + list is empty, all ports are selected. + items: + type: string + type: array + type: object + type: + description: 'Required. The type of endpoint config. This is primarily + used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, + SIDECAR_PROXY, GRPC_SERVER' + type: string + required: + - endpointMatcher + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgateways.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGateway + plural: networkservicesgateways + shortNames: + - gcpnetworkservicesgateway + - gcpnetworkservicesgateways + singular: networkservicesgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addresses: + description: One or more addresses with ports in format of ":" that + the Gateway must receive traffic on. The proxy binds to the ports + specified. IP address can be anything that is allowed by the underlying + infrastructure (auto-allocation, static IP, BYOIP). + items: + type: string + type: array + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + ports: + description: Required. One or more ports that the Gateway must receive + traffic on. The proxy binds to the ports specified. Gateway listen + on 0.0.0.0 on the ports specified below. + items: + format: int64 + type: integer + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: Immutable. Required. Immutable. Scope determines how + configuration across multiple Gateway instances are merged. The + configuration for multiple Gateway instances with the same scope + will be merged as presented as a single coniguration to the proxy/load + balancer. Max length 64 characters. Scope should start with a letter + and can only have letters, numbers, hyphens. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. Immutable. The type of the customer managed + gateway. 
Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' + type: string + required: + - location + - ports + - projectRef + - scope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGRPCRoute + plural: networkservicesgrpcroutes + shortNames: + - gcpnetworkservicesgrpcroute + - gcpnetworkservicesgrpcroutes + singular: networkservicesgrpcroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: 'Required. Service hostnames with an optional port for + which this route describes traffic. Format: [:] Hostname is the + fully qualified domain name of a network host. This matches the + RFC 1123 definition of a hostname with 2 notable exceptions: - IPs + are not allowed. - A hostname may be prefixed with a wildcard label + (*.). The wildcard label must appear by itself as the first label. + Hostname can be “precise” which is a domain name without the terminating + dot of a network host (e.g. “foo.example.com”) or “wildcard”, which + is a domain name prefixed with a single wildcard label (e.g. *.example.com). 
+ Note that as per RFC1035 and RFC1123, a label must consist of lower + case alphanumeric characters or ‘-’, and must start and end with + an alphanumeric character. No other punctuation is allowed. The + routes associated with a Router must have unique hostnames. If you + attempt to attach multiple routes with conflicting hostnames, the + configuration will be rejected. For example, while it is acceptable + for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to + be associated with the same route, it is not possible to associate + two routes both with "*.bar.com" or both with "bar.com". In the + case that multiple routes match the hostname, the most specific + match will be selected. For example, "foo.bar.baz.com" will take + precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence + over "*.baz.com". If a port is specified, then gRPC clients must + use the channel URI with the port to match this rule (i.e. "xds:///service:123"), + otherwise they must supply the URI without a port (i.e. "xds:///service").' + items: + type: string + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. A list of detailed rules defining how to route + traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated + with the first matching GrpcRoute.RouteRule will be executed. At + least one rule must be supplied. + items: + properties: + action: + description: Required. A detailed rule defining how to route + traffic. This field is required. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. If multiple destinations + are specified, traffic will be split between Backend Service(s) + according to the weight field of these destinations. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + faultInjectionPolicy: + description: Optional. The specification for fault injection + introduced into traffic to test the resiliency of clients + to destination service failure. As part of fault injection, + when clients send requests to a destination, delays can + be introduced on a percentage of requests before sending + those requests to the destination service. Similarly requests + from clients can be aborted by for a percentage of requests. + timeout and retry_policy will be ignored by clients that + are configured with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. 
+ properties: + httpStatus: + description: The HTTP status code used to abort + the request. The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + retryPolicy: + description: Optional. Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specpfied, default + to 1. + format: int64 + type: integer + retryConditions: + description: '- connect-failure: Router will retry on + failures connecting to Backend Services, for example + due to connection timeouts. - refused-stream: Router + will retry if the backend service resets the stream + with a REFUSED_STREAM error code. This reset type + indicates that it is safe to retry. - cancelled: Router + will retry if the gRPC status code in the response + header is set to cancelled - deadline-exceeded: Router + will retry if the gRPC status code in the response + header is set to deadline-exceeded - resource-exhausted: + Router will retry if the gRPC status code in the response + header is set to resource-exhausted - unavailable: + Router will retry if the gRPC status code in the response + header is set to unavailable' + items: + type: string + type: array + type: object + timeout: + description: Optional. Specifies the timeout for selected + route. Timeout is computed from the time the request has + been fully processed (i.e. 
end of stream) up until the + response has been completely processed. Timeout includes + all retries. + type: string + type: object + matches: + description: Optional. Matches define conditions used for matching + the rule against incoming gRPC requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. If no matches field is specified, this rule will + unconditionally match traffic. + items: + properties: + headers: + description: Optional. Specifies a collection of headers + to match. + items: + properties: + key: + description: Required. The key of the header. + type: string + type: + description: 'Optional. Specifies how to match against + the value of the header. If not specified, a default + value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + value: + description: Required. The value of the header. + type: string + required: + - key + - value + type: object + type: array + method: + description: Optional. A gRPC method to match against. + If this field is empty or omitted, will match all methods. + properties: + caseSensitive: + description: Optional. Specifies that matches are + case sensitive. The default value is true. case_sensitive + must not be used with a type of REGULAR_EXPRESSION. + type: boolean + grpcMethod: + description: Required. Name of the method to match + against. If unspecified, will match all methods. + type: string + grpcService: + description: Required. Name of the service to match + against. If unspecified, will match all services. + type: string + type: + description: 'Optional. Specifies how to match against + the name. If not specified, a default value of "EXACT" + is used. 
Possible values: TYPE_UNSPECIFIED, EXACT, + REGULAR_EXPRESSION' + type: string + required: + - grpcMethod + - grpcService + type: object + type: object + type: array + required: + - action + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesHTTPRoute + plural: networkserviceshttproutes + shortNames: + - gcpnetworkserviceshttproute + - gcpnetworkserviceshttproutes + singular: networkserviceshttproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: Required. Hostnames define a set of hosts that should + match against the HTTP host header to select a HttpRoute to process + the request. Hostname is the fully qualified domain name of a network + host, as defined by RFC 1123 with the exception that ip addresses + are not allowed. Wildcard hosts are supported as "*" (no prefix + or suffix allowed). + items: + type: string + type: array + location: + description: Immutable. 
The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. + items: + properties: + action: + description: The detailed rule defining how to route matched + traffic. + properties: + corsPolicy: + description: The specification for allowing client side + cross-origin requests. 
+ properties: + allowCredentials: + description: In response to a preflight request, setting + this to true indicates that the actual request can + include user credentials. This translates to the Access-Control-Allow-Credentials + header. Default value is false. + type: boolean + allowHeaders: + description: Specifies the content for Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: Specifies the regular expression patterns + that match allowed origins. For regular expression + grammar, please see https://github.com/google/re2/wiki/Syntax. + items: + type: string + type: array + allowOrigins: + description: Specifies the list of origins that will + be allowed to do CORS requests. An origin is allowed + if it matches either an item in allow_origins or an + item in allow_origin_regexes. + items: + type: string + type: array + disabled: + description: If true, the CORS policy is disabled. The + default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: Specifies how long result of a preflight + request can be cached in seconds. This translates + to the Access-Control-Max-Age header. + type: string + type: object + destinations: + description: The destination to which traffic should be + forwarded. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights in + this destination list). For non-zero values, there + may be some epsilon from the exact proportion defined + here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + type: object + type: array + faultInjectionPolicy: + description: The specification for fault injection introduced + into traffic to test the resiliency of clients to backend + service failure. As part of fault injection, when clients + send requests to a backend service, delays can be introduced + on a percentage of requests before sending those requests + to the backend service. Similarly requests from clients + can be aborted for a percentage of requests. timeout and + retry_policy will be ignored by clients that are configured + with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. + properties: + httpStatus: + description: The HTTP status code used to abort + the request. 
The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + redirect: + description: If set, the request is directed as configured + by this field. + properties: + hostRedirect: + description: The host that will be used in the redirect + response instead of the one that was supplied in the + request. + type: string + httpsRedirect: + description: If set to true, the URL scheme in the redirected + request is set to https. If set to false, the URL + scheme of the redirected request will remain the same + as that of the request. The default is set to false. + type: boolean + pathRedirect: + description: The path that will be used in the redirect + response instead of the one that was supplied in the + request. path_redirect can not be supplied together + with prefix_redirect. Supply one alone or neither. + If neither is supplied, the path of the original request + will be used for the redirect. + type: string + portRedirect: + description: The port that will be used in the redirected + request instead of the one that was supplied in the + request. + format: int64 + type: integer + prefixRewrite: + description: Indicates that during redirection, the + matched prefix (or path) should be swapped with this + value. This option allows URLs be dynamically created + based on the request. + type: string + responseCode: + description: 'The HTTP Status code to use for the redirect. 
+ Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, + SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' + type: string + stripQuery: + description: if set to true, any accompanying query + portion of the original URL is removed prior to redirecting + the request. If set to false, the query portion of + the original URL is retained. The default is set to + false. + type: boolean + type: object + requestHeaderModifier: + description: The specification for modifying the headers + of a matching request prior to delivery of the request + to the destination. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. + type: object + type: object + requestMirrorPolicy: + description: Specifies the policy on how requests intended + for the routes destination are shadowed to a separate + mirrored destination. Proxy will not wait for the shadow + destination to respond before returning the response. + Prior to sending traffic to the shadow service, the host/authority + header is suffixed with -shadow. + properties: + destination: + description: The destination the requests will be mirrored + to. The weight of the destination will be ignored. + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified + and it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weights + are specified for any one service name, they need + to be specified for all of them. If weights are + unspecified for all services, then, traffic is + distributed in equal proportions to all of them.' + format: int64 + type: integer + type: object + type: object + responseHeaderModifier: + description: The specification for modifying the headers + of a response prior to sending the response back to the + client. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. 
+ type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specified, default + to 1. + format: int64 + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per retry + attempt. + type: string + retryConditions: + description: 'Specifies one or more conditions when + this retry policy applies. Valid values are: 5xx: + Proxy will attempt a retry if the destination service + responds with any 5xx response code, of if the destination + service does not respond at all, example: disconnect, + reset, read timeout, connection failure and refused + streams. gateway-error: Similar to 5xx, but only applies + to response codes 502, 503, 504. reset: Proxy will + attempt a retry if the destination service does not + respond at all (disconnect/reset/read timeout) connect-failure: + Proxy will retry on failures connecting to destination + for example due to connection timeouts. retriable-4xx: + Proxy will retry fro retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream: Proxy will retry if the destination + resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry.' + items: + type: string + type: array + type: object + timeout: + description: Specifies the timeout for selected route. Timeout + is computed from the time the request has been fully processed + (i.e. end of stream) up until the response has been completely + processed. Timeout includes all retries. + type: string + urlRewrite: + description: The specification for rewrite URL before forwarding + requests to the destination. + properties: + hostRewrite: + description: Prior to forwarding the request to the + selected destination, the requests host header is + replaced by this value. 
+ type: string + pathPrefixRewrite: + description: Prior to forwarding the request to the + selected destination, the matching portion of the + requests path is replaced by this value. + type: string + type: object + type: object + matches: + description: A list of matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. + items: + properties: + fullPathMatch: + description: The HTTP request path value should exactly + match this value. Only one of full_path_match, prefix_match, + or regex_match should be used. + type: string + headers: + description: Specifies a list of HTTP request headers + to match against. ALL of the supplied headers must be + matched. + items: + properties: + exactMatch: + description: The value of the header should match + exactly the content of exact_match. + type: string + header: + description: The name of the HTTP header to match + against. + type: string + invertMatch: + description: If specified, the match result will + be inverted before checking. Default value is + set to false. + type: boolean + prefixMatch: + description: The value of the header must start + with the contents of prefix_match. + type: string + presentMatch: + description: A header with header_name must exist. + The match takes place whether or not the header + has a value. + type: boolean + rangeMatch: + description: If specified, the rule will match if + the request header value is within the range. + properties: + end: + description: End of the range (exclusive) + format: int64 + type: integer + start: + description: Start of the range (inclusive) + format: int64 + type: integer + type: object + regexMatch: + description: 'The value of the header must match + the regular expression specified in regex_match. 
+ For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' + type: string + suffixMatch: + description: The value of the header must end with + the contents of suffix_match. + type: string + type: object + type: array + ignoreCase: + description: Specifies if prefix_match and full_path_match + matches are case sensitive. The default value is false. + type: boolean + prefixMatch: + description: The HTTP request path value must begin with + specified prefix_match. prefix_match must begin with + a /. Only one of full_path_match, prefix_match, or regex_match + should be used. + type: string + queryParameters: + description: Specifies a list of query parameters to match + against. ALL of the query parameters must be matched. + items: + properties: + exactMatch: + description: The value of the query parameter must + exactly match the contents of exact_match. Only + one of exact_match, regex_match, or present_match + must be set. + type: string + presentMatch: + description: Specifies that the QueryParameterMatcher + matches if request contains query parameter, irrespective + of whether the parameter has a value or not. Only + one of exact_match, regex_match, or present_match + must be set. + type: boolean + queryParameter: + description: The name of the query parameter to + match. + type: string + regexMatch: + description: The value of the query parameter must + match the regular expression specified by regex_match. + For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax + Only one of exact_match, regex_match, or present_match + must be set. + type: string + type: object + type: array + regexMatch: + description: The HTTP request path value must satisfy + the regular expression specified by regex_match after + removing any query parameters and anchor supplied with + the original URL. 
For regular expression grammar, please + see https://github.com/google/re2/wiki/Syntax Only one + of full_path_match, prefix_match, or regex_match should + be used. + type: string + type: object + type: array + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesmeshes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesMesh + plural: networkservicesmeshes + shortNames: + - gcpnetworkservicesmesh + - gcpnetworkservicesmeshes + singular: networkservicesmesh + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + interceptionPort: + description: Optional. If set to a valid TCP port (1-65535), instructs + the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) + address. The SIDECAR proxy will expect all traffic to be redirected + to this port regardless of its actual ip:port destination. If unset, + a port '15001' is used as the interception port. This field is only + valid if the type of Mesh is SIDECAR. + format: int64 + type: integer + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestcproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTCPRoute + plural: networkservicestcproutes + shortNames: + - gcpnetworkservicestcproute + - gcpnetworkservicestcproutes + singular: networkservicestcproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + originalDestination: + description: Optional. If true, Router will use the destination + IP and port of the original connection as the destination + of the request. Default is false. + type: boolean + type: object + matches: + description: Optional. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are “OR”ed for evaluation. If no routeMatch field is specified, + this rule will unconditionally match traffic. + items: + properties: + address: + description: 'Required. Must be specified in the CIDR + range format. A CIDR range consists of an IP Address + and a prefix length to construct the subnet mask. By + default, the prefix length is 32 (i.e. 
matches a single + IP address). Only IPV4 addresses are supported. Examples: + “10.0.0.1” - matches against this exact IP address. + “10.0.0.0/8" - matches against any IP address within + the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" + - matches against any IP address''.' + type: string + port: + description: Required. Specifies the destination port + to match against. + type: string + required: + - address + - port + type: object + type: array + required: + - action + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTLSRoute + plural: networkservicestlsroutes + shortNames: + - gcpnetworkservicestlsroute + - gcpnetworkservicestlsroutes + singular: networkservicestlsroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Required. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwareded to the backend referenced by + the service_name field. This is computed as: weight/Sum(weights + in destinations) Weights in all destinations does + not need to sum up to 100.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + required: + - destinations + type: object + matches: + description: Required. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are "OR"ed for evaluation. + items: + properties: + alpn: + description: 'Optional. ALPN (Application-Layer Protocol + Negotiation) to match against. Examples: "http/1.1", + "h2". At least one of sni_host and alpn is required. + Up to 5 alpns across all matches can be set.' + items: + type: string + type: array + sniHost: + description: Optional. SNI (server name indicator) to + match against. SNI will be matched against all wildcard + domains, i.e. www.example.com will be first matched + against www.example.com, then *.example.com, then *.com. + Partial wildcards are not supported, and values like + *w.example.com are invalid. At least one of sni_host + and alpn is required. Up to 5 sni hosts across all matches + can be set. 
+ items: + type: string + type: array + type: object + type: array + required: + - action + - matches + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigGuestPolicy + plural: osconfigguestpolicies + shortNames: + - gcposconfigguestpolicy + - gcposconfigguestpolicies + singular: osconfigguestpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assignment: + description: Specifies the VMs that are assigned this policy. This + allows you to target sets or groups of VMs by different parameters + such as labels, names, OS, or zones. Empty assignments will target + ALL VMs underneath this policy. Conflict Management Policies that + exist higher up in the resource hierarchy (closer to the Org) will + override those lower down if there is a conflict. At the same level + in the resource hierarchy (ie. within a project), the service will + prevent the creation of multiple policies that conflict with each + other. If there are multiple policies that specify the same config + (eg. package, software recipe, repository, etc.), the service will + ensure that no VM could potentially receive instructions from both + policies. To create multiple policies that specify different versions + of a package or different configs for different Operating Systems, + each policy must be mutually exclusive in their targeting according + to labels, OS, or other criteria. Different configs are identified + for conflicts in different ways. Packages are identified by their + name and the package manager(s) they target. Package repositories + are identified by their unique id where applicable. Some package + managers don't have a unique identifier for repositories and where + that's the case, no uniqueness is validated by the service. 
Note + that if OS Inventory is disabled, a VM will not be assigned a policy + that targets by OS because the service will see this VM's OS as + unknown. + properties: + groupLabels: + description: Targets instances matching at least one of these + label sets. This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + items: + properties: + labels: + additionalProperties: + type: string + description: Google Compute Engine instance labels that + must be present for an instance to be included in this + assignment group. + type: object + type: object + type: array + instanceNamePrefixes: + description: Targets VM instances whose name starts with one of + these prefixes. Like labels, this is another way to group VM + instances when targeting configs, for example prefix="prod-". + Only supported for project-level policies. + items: + type: string + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + osTypes: + description: Targets VM instances matching at least one of the + following OS types. VM instances must match all supplied criteria + for a given OsType to be included. + items: + properties: + osArchitecture: + description: Targets VM instances with OS Inventory enabled + and having the following OS architecture. 
+ type: string + osShortName: + description: Targets VM instances with OS Inventory enabled + and having the following OS short name, for example "debian" + or "windows". + type: string + osVersion: + description: Targets VM instances with OS Inventory enabled + and having the following following OS version. + type: string + type: object + type: array + zones: + description: Targets instances in any of these zones. Leave empty + to target instances in any zone. Zonal targeting is uncommon + and is supported to facilitate the management of changes by + zone. + items: + type: string + type: array + type: object + description: + description: Description of the GuestPolicy. Length of the description + is limited to 1024 characters. + type: string + packageRepositories: + description: List of package repository configurations assigned to + the VM instance. + items: + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Type of archive files in this repository. + The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, + DEB, DEB_SRC' + type: string + components: + description: Required. List of components for this repository. + Must contain at least one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this repository. + type: string + gpgKey: + description: URI of the key file for this repository. The + agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` + containing all the keys in any applied guest policy. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. 
+ properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the Yum config file + and also the `display_name` if `display_name` is omitted. + This id is also used as the unique identifier when checking + for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the zypper config + file and also the `display_name` if `display_name` is + omitted. This id is also used as the unique identifier + when checking for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + type: array + packages: + description: List of package configurations assigned to the VM instance. + items: + properties: + desiredState: + description: 'The desired_state the agent should maintain for + this package. The default is to ensure the package is installed. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + manager: + description: 'Type of package manager that can be used to install + this package. If a system does not have the package manager, + the package is not installed or removed no error message is + returned. By default, or if you specify `ANY`, the agent attempts + to install and remove this package using the default package + manager. 
This is useful when creating a policy that applies + to different types of systems. The default behavior is ANY. + Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, + GOO' + type: string + name: + description: Required. The name of the package. A package is + uniquely identified for conflict validation by checking the + package name and the manager(s) that the package targets. + type: string + type: object + type: array + recipes: + description: Optional. A list of Recipes to install on the VM. + items: + properties: + artifacts: + description: Resources available to be used in the steps in + the recipe. + items: + properties: + allowInsecure: + description: 'Defaults to false. When false, recipes are + subject to validations based on the artifact type: Remote: + A checksum must be specified, and only protocols with + transport-layer security are permitted. GCS: An object + generation number must be specified.' + type: boolean + gcs: + description: A Google Cloud Storage artifact. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: Must be provided if allow_insecure is + false. Generation number of the Google Cloud Storage + object. 
`https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `1234567`. + format: int64 + type: integer + object: + description: 'Name of the Google Cloud Storage object. + As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) + Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `foo/bar`.' + type: string + type: object + id: + description: Required. Id of the artifact, which the installation + and update steps of this recipe can reference. Artifacts + in a recipe cannot have the same id. + type: string + remote: + description: A generic remote artifact. + properties: + checksum: + description: Must be provided if `allow_insecure` + is `false`. SHA256 checksum in hex format, to compare + to the checksum of the artifact. If the checksum + is not empty and it doesn't match the artifact then + the recipe installation fails before running any + of the steps. + type: string + uri: + description: 'URI from which to fetch the object. + It should contain both the protocol and path following + the format: {protocol}://{location}.' + type: string + type: object + type: object + type: array + desiredState: + description: 'Default is INSTALLED. The desired state the agent + should maintain for this recipe. INSTALLED: The software recipe + is installed on the instance but won''t be updated to new + versions. UPDATED: The software recipe is installed on the + instance. The recipe is updated to a higher version, if a + higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts + to create or update a recipe to the REMOVE state is rejected. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + installSteps: + description: Actions to be taken for installing this recipe. + On failure it stops executing steps and does not attempt another + installation. 
Any steps taken (including partially completed + steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. 
Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. 
If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + name: + description: Required. Unique identifier for the recipe. Only + one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine + whether guest policies have conflicts. This means that requests + to create multiple recipes with the same name and version + are rejected since they could potentially have conflicting + assignments. + type: string + updateSteps: + description: Actions to be taken for updating this recipe. On + failure it stops executing steps and does not attempt another + update for this recipe. Any steps taken (including partially + completed steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + version: + description: The version of this software recipe. Version can + be up to 4 period separated numbers (e.g. 12.34.56.78). + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Time this GuestPolicy was created. + format: date-time + type: string + etag: + description: The etag for this GuestPolicy. If this is provided on + update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Last time this GuestPolicy was updated. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigOSPolicyAssignment + plural: osconfigospolicyassignments + shortNames: + - gcposconfigospolicyassignment + - gcposconfigospolicyassignments + singular: osconfigospolicyassignment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: OS policy assignment description. Length of the description + is limited to 1024 characters. + type: string + instanceFilter: + description: Required. Filter to select VMs. + properties: + all: + description: Target all VMs in the project. If true, no other + criteria is permitted. + type: boolean + exclusionLabels: + description: List of label sets used for VM exclusion. If the + list has more than one label set, the VM is excluded if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. 
A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inclusionLabels: + description: List of label sets used for VM inclusion. If the + list has more than one `LabelSet`, the VM is included if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inventories: + description: List of inventories to select VMs. A VM is selected + if its inventory data matches at least one of the following + inventories. + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. For + example, to match all versions with a major version of + `7`, specify the following value for this field `7.*` + An empty string matches all OS versions. + type: string + required: + - osShortName + type: object + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + osPolicies: + description: Required. List of OS policies to be applied to the VMs. + items: + properties: + allowNoResourceGroupMatch: + description: This flag determines the OS policy compliance status + when none of the resource groups within the policy are applicable + for a VM. Set this value to `true` if the policy needs to + be reported as compliant even if the policy has nothing to + validate or enforce. + type: boolean + description: + description: Policy description. Length of the description is + limited to 1024 characters. + type: string + id: + description: 'Required. 
The id of the OS policy with the following + restrictions: * Must contain only lowercase letters, numbers, + and hyphens. * Must start with a letter. * Must be between + 1-63 characters. * Must end with a number or a letter. * Must + be unique within the assignment.' + type: string + mode: + description: 'Required. Policy mode Possible values: MODE_UNSPECIFIED, + VALIDATION, ENFORCEMENT' + type: string + resourceGroups: + description: Required. List of resource groups for the policy. + For a particular VM, resource groups are evaluated in the + order specified and the first resource group that is applicable + is selected and the rest are ignored. If none of the resource + groups are applicable for a VM, the VM is considered to be + non-compliant w.r.t this policy. This behavior can be toggled + by the flag `allow_no_resource_group_match` + items: + properties: + inventoryFilters: + description: 'List of inventory filters for the resource + group. The resources in this resource group are applied + to the target VM if it satisfies at least one of the + following inventory filters. For example, to apply this + resource group to VMs running either `RHEL` or `CentOS` + operating systems, specify 2 items for the list with + following values: inventory_filters[0].os_short_name=''rhel'' + and inventory_filters[1].os_short_name=''centos'' If + the list is empty, this resource group will be applied + to the target VM unconditionally.' + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. + For example, to match all versions with a major + version of `7`, specify the following value for + this field `7.*` An empty string matches all OS + versions. + type: string + required: + - osShortName + type: object + type: array + resources: + description: Required. List of resources configured for + this resource group. 
The resources are executed in the + exact order specified here. + items: + properties: + exec: + description: Exec resource + properties: + enforce: + description: What to run to bring this resource + into the desired state. An exit code of 100 + indicates "success", any other exit code indicates + a failure running enforce. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. 
Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + validate: + description: Required. What to run to validate + this resource is in the desired state. An + exit code of 100 indicates "in desired state", + and exit code of 101 indicates "not in desired + state". Any other exit code indicates a failure + running validate. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. 
Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + required: + - validate + type: object + file: + description: File resource + properties: + content: + description: A a file with this content. The + size of the content is limited to 1024 characters. + type: string + file: + description: A remote or local source. + properties: + allowInsecure: + description: 'Defaults to false. When false, + files are subject to validations based + on the file type: Remote: A checksum must + be specified. Cloud Storage: An object + generation number must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of the + Cloud Storage object. + type: string + generation: + description: Generation number of the + Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the Cloud + Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the VM + to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of the + remote file. + type: string + uri: + description: Required. URI from which + to fetch the object. It should contain + both the protocol and path following + the format `{protocol}://{location}`. 
+ type: string + required: + - uri + type: object + type: object + path: + description: Required. The absolute path of + the file within the VM. + type: string + permissions: + description: 'Consists of three octal digits + which represent, in order, the permissions + of the owner, group, and other users for the + file (similarly to the numeric mode used in + the linux chmod utility). Each digit represents + a three bit number with the 4 bit corresponding + to the read permissions, the 2 bit corresponds + to the write bit, and the one bit corresponds + to the execute permission. Default behavior + is 755. Below are some examples of permissions + and their associated values: read, write, + and execute: 7 read and execute: 5 read and + write: 6 read only: 4' + type: string + state: + description: 'Required. Desired state of the + file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, + COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' + type: string + required: + - path + - state + type: object + id: + description: 'Required. The id of the resource with + the following restrictions: * Must contain only + lowercase letters, numbers, and hyphens. * Must + start with a letter. * Must be between 1-63 characters. + * Must end with a number or a letter. * Must be + unique within the OS policy.' + type: string + pkg: + description: Package resource + properties: + apt: + description: A package managed by Apt. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + deb: + description: A deb package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `dpkg -i package` - install when true: + `apt-get update && apt-get -y install + package.deb`' + type: boolean + source: + description: Required. A deb package. + properties: + allowInsecure: + description: 'Defaults to false. 
When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + desiredState: + description: 'Required. The desired state the + agent should maintain for this package. Possible + values: DESIRED_STATE_UNSPECIFIED, INSTALLED, + REMOVED' + type: string + googet: + description: A package managed by GooGet. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + msi: + description: An MSI package. + properties: + properties: + description: Additional properties to use + during installation. This should be in + the format of Property=Setting. Appended + to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. + items: + type: string + type: array + source: + description: Required. The MSI package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. 
Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + rpm: + description: An rpm package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `rpm --upgrade --replacepkgs package.rpm` + - install when true: `yum -y install package.rpm` + or `zypper -y install package.rpm`' + type: boolean + source: + description: Required. An rpm package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. 
+ type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + yum: + description: A package managed by YUM. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + zypper: + description: A package managed by Zypper. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + required: + - desiredState + type: object + repository: + description: Package repository resource + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Required. Type of archive + files in this repository. Possible values: + ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' + type: string + components: + description: Required. List of components + for this repository. Must contain at least + one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this + repository. + type: string + gpgKey: + description: URI of the key file for this + repository. The agent maintains a keyring + at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - archiveType + - components + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. 
+ type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the yum config file and also + the `display_name` if `display_name` is + omitted. This id is also used as the unique + identifier when checking for resource + conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the zypper config file and + also the `display_name` if `display_name` + is omitted. This id is also used as the + unique identifier when checking for GuestPolicy + conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. + format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. 
Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. 
The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. 
The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. + format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. 
Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. 
+ type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. 
+ items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. All managed + keys will be have their ProtectionLevel as `HSM`. 
Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. 
This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. 
+ type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. + type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. 
+ type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. + type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. 
+ properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." + type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
+ type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is not set, the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. \nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
+ + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. 
More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." 
+ type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. 
+ type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schemaSettings: + description: Settings for validating messages published against a + schema. + properties: + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - schemaRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com +spec: + group: recaptchaenterprise.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys + shortNames: + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array + type: object + displayName: + description: Human-readable display name of this key. Modifiable by + user. + type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. + properties: + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. + type: boolean + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. + type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. 
This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. 
The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. 
Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. 
The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. + type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. + type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. 
Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string + tier: + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + type: string + required: + - memorySizeGb + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. 
Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. + items: + type: string + type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time of creation. + type: string + name: + description: A system-generated unique identifier for this Lien. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. 
+ type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. 
+ type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: Required. The template used to create revisions for this + Service. + properties: + annotations: + additionalProperties: + type: string + description: KRM-style annotations for the resource. 
+ type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. + properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. 
Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: + type: string + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. + properties: + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. 
+ format: int64 + type: integer + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. + properties: + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + name: + description: Required. Volume's name. + type: string + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. 
Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' + format: int64 + type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object + type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string + type: object + type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. 
+ items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. 
+ type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. 
+ When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' + type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. + properties: + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. 
+ format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecret + plural: secretmanagersecrets + shortNames: + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. 
+ properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. + items: + properties: + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string + required: + - location + type: object + type: array + required: + - replicas + type: object + type: object + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. + properties: + nextRotationTime: + description: |- + Timestamp in UTC at which the Secret is scheduled to rotate. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. + type: string + type: object + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - replication + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions + shortNames: + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretRef: + description: Secret Manager secret resource + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. 
Only present + if state is DESTROYED. + type: string + name: + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints + shortNames: + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer + resourceID: + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces + shortNames: + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryService + plural: servicedirectoryservices + shortNames: + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - namespaceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceIdentity + plural: serviceidentities + shortNames: + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com +spec: + group: servicenetworking.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections + shortNames: + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. + type: string + required: + - networkRef + - reservedPeeringRanges + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + peering: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: services.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com +spec: + group: sourcerepo.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SourceRepoRepository + plural: sourcereporepositories + shortNames: + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: An explanation of the status of the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerinstances.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerInstance + plural: spannerinstances + shortNames: + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: |- + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + type: string + displayName: + description: |- + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - config + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqldatabases.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLDatabase + plural: sqldatabases + shortNames: + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlinstances.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLInstance + plural: sqlinstances + shortNames: + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. 
+ type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. 
+ type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. + type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". 
+ If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. 
+ type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. + type: string + replicationType: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: string + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. + type: string + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. + type: string + required: + - tier + type: object + required: + - settings + type: object + status: + properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. 
+ type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlsslcerts.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLSSLCert + plural: sqlsslcerts + shortNames: + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + required: + - commonName + - instanceRef + type: object + status: + properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlusers.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLUser + plural: sqlusers + shortNames: + - gcpsqluser + - gcpsqlusers + singular: sqluser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + password: + description: |- + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. + type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. + type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols + shortNames: + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + Immutable. 
The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' + type: string + required: + - bucketRef + - entity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebuckets.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucket + plural: storagebuckets + shortNames: + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object + required: + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. + properties: + logBucket: + description: The bucket that will receive log objects. + type: string + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. + type: string + required: + - logBucket + type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. + type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. 
+ type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols + shortNames: + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' + type: string + required: + - bucketRef + - entity + - role + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagenotifications.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageNotification + plural: storagenotifications + shortNames: + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. + type: string + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - bucketRef + - payloadFormat + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notificationId: + description: The ID of the created notification. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferJob + plural: storagetransferjobs + shortNames: + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Unique description to identify the Transfer Job. + type: string + notificationConfig: + description: Notification configuration. + properties: + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - payloadFormat + - topicRef + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. + properties: + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' + type: string + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. 
Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. + properties: + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. + type: integer + required: + - hours + - minutes + - nanos + - seconds + type: object + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. + properties: + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. + type: string + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. + type: string + required: + - bucketName + type: object + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. 
+ properties: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + gcsDataSource: + description: A Google Cloud Storage data source. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. + type: string + required: + - listUrl + type: object + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. 
+ items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. 
+ properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object + type: object + required: + - description + - transferSpec + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: When the Transfer Job was created. + type: string + deletionTime: + description: When the Transfer Job was deleted. + type: string + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagBinding + plural: tagstagbindings + shortNames: + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagkeys.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagKey + plural: tagstagkeys + shortNames: + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parent + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagvalues.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagValue + plural: tagstagvalues + shortNames: + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parentRef + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com +spec: + group: vpcaccess.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VPCAccessConnector + plural: vpcaccessconnectors + shortNames: + - gcpvpcaccessconnector + - gcpvpcaccessconnectors + singular: vpcaccessconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ipCidrRange: + description: 'Immutable. The range of internal addresses that follows + RFC 4632 notation. Example: `10.132.0.0/28`.' + type: string + location: + description: Immutable. The location for the resource + type: string + machineType: + description: Immutable. Machine type of VM Instance underlying connector. + Default is e2-micro + type: string + maxInstances: + description: Immutable. Maximum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + maxThroughput: + description: Immutable. Maximum throughput of the connector in Mbps. + Default is 200, max is 1000. + format: int64 + type: integer + minInstances: + description: Immutable. Minimum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + minThroughput: + description: Immutable. Minimum throughput of the connector in Mbps. + Default and min is 200. + format: int64 + type: integer + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of a VPC network. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnet: + description: Immutable. The subnet in which to house the VPC Access + Connector. + properties: + nameRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be: {subnetName} + + Allowed value: The Google Cloud resource name of a `ComputeSubnetwork` resource (format: `projects/{{project}}/regions/{{region}}/subnetworks/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedProjects: + description: Output only. List of projects using the connector. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the VPC access connector. Possible + values: STATE_UNSPECIFIED, READY, CREATING, DELETING, ERROR, UPDATING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml b/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml new file mode 100644 index 0000000000..a12ecc3d85 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml 
@@ -0,0 +1,183 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding-${NAMESPACE?} + namespace: ${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-binding-${NAMESPACE?} + namespace: ${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system 
+--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-binding-${NAMESPACE?} + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-binding-${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-${NAMESPACE?} + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +spec: + 
selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager-${NAMESPACE?} + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --scoped-namespace=${NAMESPACE?} + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + image: gcr.io/cnrm-eap/controller:fc8237b + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager-${NAMESPACE?} + terminationGracePeriodSeconds: 10 diff --git a/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml new file mode 100644 index 0000000000..38cea85c48 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml 
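Review bot: In the StatefulSet's `manager` container in per-namespace-components.yaml, `image: gcr.io/cnrm-eap/controller:fc8237b` references a tag rather than a digest, and `imagePullPolicy: Always` means every pod start pulls whatever that tag resolves to at that moment. The pod runs as `cnrm-controller-manager-${NAMESPACE?}`, which this same file binds to `cnrm-admin`, `cnrm-manager-ns-role` and `cnrm-manager-cluster-role` and maps to a GCP service account through the `iam.gke.io/gcp-service-account` annotation, so a re-pushed tag would run with all of those permissions. Pinning by digest makes the deployed binary reproducible and auditable: `image: gcr.io/cnrm-eap/controller@sha256:<digest-of-the-fc8237b-build>` (placeholder; take the real value from the release pipeline). If this bundle is generated, the change presumably belongs in the generator or template rather than in this file.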
@@ -0,0 +1,1891 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + 
resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + 
- delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: 
+ - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - 
get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + 
verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + 
- get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: 
+ - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + 
annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 
+kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder 
+ cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/cnrm-eap/webhook:fc8237b + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + 
runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + image: gcr.io/cnrm-eap/controller:fc8237b + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + 
cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/cnrm-eap/deletiondefender:fc8237b + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' + cnrm.cloud.google.com/version: 1.102.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 90 diff --git a/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml b/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml new file mode 100644 index 0000000000..1871feb5e1 --- /dev/null +++ b/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml 
@@ -0,0 +1,80645 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevel + plural: accesscontextmanageraccesslevels + shortNames: + - gcpaccesscontextmanageraccesslevel + - gcpaccesscontextmanageraccesslevels + singular: accesscontextmanageraccesslevel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 
+ schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerAccessLevel lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + basic: + description: A set of predefined conditions for the access level and + a combining function. + properties: + combiningFunction: + description: |- + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. 
If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. + type: string + conditions: + description: A set of requirements for the AccessLevel to be granted. + items: + properties: + devicePolicy: + description: |- + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", + "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", + "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' + type: string + requireVerifiedChromeOs: + description: If you specify DESKTOP_CHROME_OS + for osType, you can optionally include requireVerifiedChromeOs + to require Chrome Verified Access. + type: boolean + required: + - osType + type: object + type: array + requireAdminApproval: + description: Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Whether the device needs to be corp owned. 
+ type: boolean + requireScreenLock: + description: |- + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + items: + description: |- + An allowed list of members (users, service accounts). + Using groups is not supported. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format + `serviceAccount:{{value}}`, where {{value}} + is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + negate: + description: |- + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + items: + description: |- + A list of other access levels defined in the same policy. + Referencing an AccessContextManagerAccessLevel which does not exist + is an error. All access levels listed must be granted for the + condition to be true. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + type: array + required: + - conditions + type: object + custom: + description: "Custom access level conditions are set using the Cloud + Common Expression Language to represent the necessary conditions + for the level to apply to a request. \nSee CEL spec at: https://github.com/google/cel-spec." + properties: + expr: + description: "Represents a textual expression in the Common Expression + Language (CEL) syntax. 
CEL is a C-like expression language.\nThis + page details the objects and attributes that are used to the + build the CEL expressions for \ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec." + properties: + description: + description: Description of the expression. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in + the file. + type: string + title: + description: Title for the expression, i.e. a short string + describing its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object + description: + description: Description of the AccessLevel and its use. Does not + affect behavior. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + title: + description: Human readable title. Must be unique within the Policy. + type: string + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessPolicy + plural: accesscontextmanageraccesspolicies + shortNames: + - gcpaccesscontextmanageraccesspolicy + - gcpaccesscontextmanageraccesspolicies + singular: accesscontextmanageraccesspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + title: + description: Human readable title. Does not affect behavior. + type: string + required: + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + name: + description: 'Resource name of the AccessPolicy. Format: {policy_id}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Immutable. Specifies the type of the Perimeter. There are two types: regular and + bridge. 
Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." 
+ type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. 
+ properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + ingress policy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. 
If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. 
+ items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: "List of EgressPolicies to apply to the perimeter. + A perimeter may \nhave multiple EgressPolicies, each of which + is evaluated separately.\nAccess is granted if any EgressPolicy + grants it. Must be empty for \na perimeter bridge." + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access to outside the \nperimeter. If + left unspecified, then members of 'identities' field + will \nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." 
+ type: string + type: object + egressTo: + description: "Defines the conditions on the 'ApiOperation' + and destination resources that \ncause this 'EgressPolicy' + to apply." + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: "A list of 'ApiOperations' that this egress + rule applies to. A request matches \nif it contains + an operation/service in this list." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong \nto the service + specified by 'serviceName' field. A single MethodSelector + \nentry with '*' specified for the 'method' + field will allow all methods \nAND permissions + for the service specified in 'serviceName'." + items: + properties: + method: + description: "Value for 'method' should + be a valid method name for the corresponding + \n'serviceName' in 'ApiOperation'. If + '*' used as value for method, \nthen ALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + serviceName \nfield set to '*' will allow all + methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. 
+ properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: "Specifies the type of identities that + are allowed access from outside the \nperimeter. If + left unspecified, then members of 'identities' field + will be \nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", + \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]." + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: "A list of 'ApiOperations' the sources + specified in corresponding 'IngressFrom' \nare allowed + to perform in this 'ServicePerimeter'." + items: + properties: + methodSelectors: + description: "API methods or permissions to allow. + Method or permission must belong to \nthe service + specified by serviceName field. A single 'MethodSelector' + entry \nwith '*' specified for the method field + will allow all methods AND \npermissions for + the service specified in 'serviceName'." 
+ items: + properties: + method: + description: "Value for method should be + a valid method name for the corresponding + \nserviceName in 'ApiOperation'. If '*' + used as value for 'method', then \nALL + methods and permissions are allowed." + type: string + permission: + description: "Value for permission should + be a valid Cloud IAM permission for the + \ncorresponding 'serviceName' in 'ApiOperation'." + type: string + type: object + type: array + serviceName: + description: "The name of the API whose methods + or permissions the 'IngressPolicy' or \n'EgressPolicy' + want to allow. A single 'ApiOperation' with + 'serviceName' \nfield set to '*' will allow + all methods AND permissions for all services." + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. 
+ Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. 
When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeenvironments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvironment + plural: apigeeenvironments + shortNames: + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apigeeOrganizationRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: + type: string + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - apigeeOrganizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeorganizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeOrganization + plural: apigeeorganizations + shortNames: + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean + type: object + type: object + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string + required: + - analyticsRegion + - projectRef + - runtimeType + type: object + status: + properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. 
Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The user-provided description of the repository. + type: string + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + type: string + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The name of the location this repository is + located in. 
+ type: string + mavenConfig: + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string + type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. 
Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object + resourceID: + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "projects/p1/locations/us-central1/repositories/repo1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasets.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataset + plural: bigquerydatasets + shortNames: + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. 
+ + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. 
+ If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. + Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryJob + plural: bigqueryjobs + shortNames: + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + copy: + description: Immutable. Copies a table. + properties: + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. 
+ WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - sourceTables + type: object + extract: + description: Immutable. Configures an extract job. + properties: + compression: + description: |- + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + type: string + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + type: string + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. + items: + type: string + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. + properties: + allowJaggedRows: + description: |- + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + type: string + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + type: string + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. 
+ type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + items: + type: string + type: array + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). 
If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + items: + type: string + type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - destinationTable + - sourceUris + type: object + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. + properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. 
Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. 
+ type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) 
query parameters or to NAMED to use named + (@myparam) query parameters in this query. + type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. Timeout period for each statement + in a script. 
+ type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobType: + description: The type of the job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. 
+ type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. + items: + properties: + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' + type: string + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. 
Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. + type: string + type: object + type: array + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: + description: |- + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + items: + type: string + type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. 
+ type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string + required: + - datasetRef + - definitionBody + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerytables.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryTable + plural: bigquerytables + shortNames: + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: The field description. + type: string + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. + type: string + required: + - kmsKeyRef + type: object + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. + properties: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). + type: boolean + required: + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". + type: string + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". + type: string + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". + properties: + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. 
+ type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. + type: string + fieldDelimiter: + description: The separator for fields in a CSV file. + type: string + quote: + type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote + type: object + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". + properties: + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' + type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer + type: object + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. + properties: + mode: + description: When set, what mode of hive partitioning to use + when reading data. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. 
+ type: string + type: object + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. + Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. 
+ type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. + properties: + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start + type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. 
+ type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. + type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query + type: object + required: + - datasetRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. 
+ type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: + description: Describes the table type. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. 
+ items: + type: string + type: array + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + resourceID: + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: Immutable. The name of the column family. + type: string + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." + type: string + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. 
GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableinstances.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableInstance + plural: bigtableinstances + shortNames: + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. 
If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. + type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. 
+ Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. + type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. + type: string + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com +spec: + group: billingbudgets.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets + shortNames: + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. 
The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string + type: object + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. 
If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The billing account of the resource + + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + budgetFilter: + description: Optional. 
Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. 
+ format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' + items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. + items: + properties: + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. 
Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' + format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. + properties: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. 
The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: + properties: + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. + type: string + comment: + description: Optional. A descriptive comment. This field + may be updated. + type: string + id: + description: The ID of this public key. 
Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. + type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object + type: object + type: array + required: + - noteRef + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time + type: string + userOwnedDrydockNote: + properties: + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies + shortNames: + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. + items: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-namespace admission rules. + K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. 
The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - defaultAdmissionRule + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudBuildTrigger + plural: cloudbuildtriggers + shortNames: + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. \nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. 
For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object + build: + description: Contents of the build template. Either a filename or + build template must be provided. + properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. 
+ properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. + properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array + required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' 
+ type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. 
+ + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. 
Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. 
+ type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. + + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. 
+ If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. 
Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. These are not docker + tags. + items: + type: string + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. + type: boolean + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. 
Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). \nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). 
This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." + type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + type: string + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". 
+ type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. 
+ type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." + properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. 
+ type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. + properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. 
+ + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. + type: string + type: object + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com +spec: + group: cloudfunctions.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions + shortNames: + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: + description: |- + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. + properties: + eventType: + description: |- + Immutable. Required. The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. 
+ + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. + type: string + required: + - eventType + - resourceRef + type: object + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. + properties: + securityLevel: + description: 'Immutable. Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' + type: string + type: object + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the function. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. 
+ type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. + type: string + required: + - url + type: object + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC + type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - region + - runtime + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. 
Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. + type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityGroup + plural: cloudidentitygroups + shortNames: + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + type: string + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. + properties: + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + type: string + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. + type: string + required: + - id + type: object + initialGroupConfig: + description: |- + Immutable. 
The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + type: string + labels: + additionalProperties: + type: string + description: |- + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - groupKey + - labels + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the Group was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityMembership + plural: cloudidentitymemberships + shortNames: + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group for the resource + + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. 
If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. + The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. 
+ format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array + required: + - groupRef + - preferredMemberKey + - roles + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available + properties: + familyName: + description: Output only. 
Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' + type: string + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com +spec: + group: cloudscheduler.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudSchedulerJob + plural: cloudschedulerjobs + shortNames: + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most 
recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineHttpTarget: + description: App Engine HTTP target. + properties: + appEngineRouting: + description: App Engine Routing setting for the job. + properties: + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. 
For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). + type: string + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. + type: string + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. + type: string + type: object + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. + In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. 
The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. 
+ * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' 
+ type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. + properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. 
+ properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. + type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. 
If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer + type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string + required: + - location + type: object + status: + properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. 
The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. (Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: 'Immutable. The type of address to reserve. Default value: + "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbuckets.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucket + plural: computebackendbuckets + shortNames: + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. 
+ Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. 
+ type: integer + type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: |- + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservices.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendService + plural: computebackendservices + shortNames: + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. 
+ type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. 
+ + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. + properties: + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. 
+ + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. 
+ items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer + type: object + type: array + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + type: integer + type: object + circuitBreakers: + description: |- + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + connectTimeout: + description: The timeout for new network connections to hosts. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. 
+ Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + connectionDrainingTimeoutSec: + description: |- + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: + description: |- + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. 
+ + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + type: string + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: string + type: object + consistentHash: + description: |- + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. 
This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer + type: object + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. 
+ type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. + properties: + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. 
If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number + type: object + healthChecks: + items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + iap: + description: Settings for enabling Cloud Identity Aware Proxy. + oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef + properties: + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. + type: string + oauth2ClientIdRef: + description: |- + Only `external` field is supported to configure the reference. + + OAuth2 Client ID for IAP. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - key + - name + type: object + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string + required: + - name + type: object + policy: + description: The configuration for a built-in load balancing + policy. + properties: + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + required: + - name + type: object + type: object + type: array + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. 
+ The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + + + If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, + session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. 
Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. 
The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. 
That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The security policy associated with this backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. 
+ properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' 
+ type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computedisks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDisk + plural: computedisks + shortNames: + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskEncryptionKey: + description: |- + Immutable. Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + rsaEncryptedKey: + description: "Immutable. 
Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + imageRef: + description: The image from which to initialize this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. 
Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. + + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. 
URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sourceDiskId: + description: |- + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. 
+ type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeexternalvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways + shortNames: + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. 
This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicy + plural: computefirewallpolicies + shortNames: + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + type: string + required: + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations + shortNames: + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The target that the firewall policy is attached to. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy ID of the association. 
+ + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + shortName: + description: The short name of the firewall policy of the association. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules + shortNames: + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. 
+ format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computefirewalls.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewall + plural: computefirewalls + shortNames: + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. 
+ type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. Only IPv4 is supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + type: string + disabled: + description: |- + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. 
When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + type: boolean + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. 
+ type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array + required: + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeforwardingrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeForwardingRule + plural: computeforwardingrules + shortNames: + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: + description: |- + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + ipAddress: + description: |- + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: + description: |- + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. 
Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. 
An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. 
+ oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string + selfLink: + description: '[Output Only] Server-defined URL for the resource.' 
+ type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHealthCheck + plural: computehealthchecks + shortNames: + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. + properties: + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + type: string + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
+ + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + type: object + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. 
Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. 
+ + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. 
+ type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttphealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks + shortNames: + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. 
It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttpshealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks + shortNames: + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeImage + plural: computeimages + shortNames: + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. 
Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + licenses: + description: Immutable. Any applicable license URI. + items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: + description: |- + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: + description: |- + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: + description: |- + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceImageRef: + description: The source image used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + status: + properties: + archiveSizeBytes: + description: |- + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. 
This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. + items: + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). + The zone must exist in the region where the managed instance + group is located. + type: string + type: object + type: array + type: object + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
+ Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. + items: + properties: + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: + properties: + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. 
Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. + properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. 
+ This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' 
+ properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. 
You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). + items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. 
+ + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. + type: string + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. 
+ format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. + type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. 
If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' + format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' 
+ format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. 
A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' + properties: + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean + type: object + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be exactly 375GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. + Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. 
+ + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: 
The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines 
the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. 
\nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. \nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. 
Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. 
The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' + type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. 
+ type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. 
Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. 
MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. A subnetwork with purpose set to + INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is + reserved for Internal HTTP(S) Load Balancing. + + If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. Currently, this field is only used when + purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE + or BACKUP. An ACTIVE subnetwork is one that is currently being used + for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that + is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. 
The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. + type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. 
This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + items: + properties: + name: + description: |- + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + type: string + value: + description: |- + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. 
+ type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + prefixMatch: + description: |- + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + type: string + queryParameterMatches: + description: |- + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + items: + properties: + exactMatch: + description: |- + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + type: string + name: + description: |- + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + type: string + presentMatch: + description: |- + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + type: boolean + regexMatch: + description: |- + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. 
For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + type: string + required: + - name + type: object + type: array + regexMatch: + description: |- + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + type: string + type: object + type: array + priority: + description: |- + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + type: integer + routeAction: + description: |- + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. 
Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: |- + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. 
The value must be between 0.0 and + 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. 
+ type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable. + items: + type: string + type: array + required: + - numRetries + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. 
+ type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + type: string + urlRedirect: + description: |- + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. 
+ properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. 
Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + type: boolean + type: object + required: + - priority + type: object + type: array + required: + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + test: + description: |- + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + items: + properties: + description: + description: Description of this test case. + type: string + host: + description: Host portion of the URL. + type: string + path: + description: Path portion of the URL. + type: string + service: + description: |- + The backend service resource that should be matched by this test. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - host + - path + - service + type: object + type: array + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + mapId: + description: The unique identifier for the resource. 
+ type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNGateway + plural: computevpngateways + shortNames: + - gcpcomputevpngateway + - gcpcomputevpngateways + singular: computevpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpnInterfaces: + description: Immutable. A list of interfaces on this VPN gateway. + items: + properties: + id: + description: Immutable. The numeric ID of this VPN gateway interface. + type: integer + interconnectAttachmentRef: + description: |- + Immutable. 
When this value is present, the VPN Gateway will be used + for IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the specified + interconnect attachment resource. Not currently available publicly. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: The external IP address for this VPN gateway interface. + type: string + type: object + type: array + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpntunnels.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNTunnel + plural: computevpntunnels + shortNames: + - gcpcomputevpntunnel + - gcpcomputevpntunnels + singular: computevpntunnel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + ikeVersion: + description: |- + Immutable. IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + type: integer + localTrafficSelector: + description: |- + Immutable. Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + peerExternalGatewayInterface: + description: Immutable. The interface ID of the external VPN gateway + to which this VPN tunnel is connected. + type: integer + peerExternalGatewayRef: + description: |- + The peer side external VPN gateway to which this VPN tunnel + is connected. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerGCPGatewayRef: + description: |- + The peer side HA GCP VPN gateway to which this VPN tunnel is + connected. If provided, the VPN tunnel will automatically use the + same VPN gateway interface ID in the peer GCP VPN gateway. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerIp: + description: Immutable. IP address of the peer VPN gateway. Only IPv4 + is supported. + type: string + region: + description: Immutable. The region where the tunnel is located. If + unset, is set to the region of 'target_vpn_gateway'. + type: string + remoteTrafficSelector: + description: |- + Immutable. Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The router to be used for dynamic routing. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sharedSecret: + description: |- + Immutable. Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + targetVPNGatewayRef: + description: |- + The ComputeTargetVPNGateway with which this VPN tunnel is + associated. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnGatewayInterface: + description: Immutable. The interface ID of the VPN gateway with which + this VPN tunnel is associated. + type: integer + vpnGatewayRef: + description: |- + The ComputeVPNGateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - sharedSecret + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + detailedStatus: + description: Detailed status message for the VPN tunnel. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sharedSecretHash: + description: Hash of the shared secret. + type: string + tunnelId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com +spec: + group: configcontroller.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ConfigControllerInstance + plural: configcontrollerinstances + shortNames: + - gcpconfigcontrollerinstance + - gcpconfigcontrollerinstances + singular: configcontrollerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + managementConfig: + description: Immutable. Configuration of the cluster management + properties: + fullManagementConfig: + description: Immutable. Configuration of the full (Autopilot) + cluster management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. 
The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + type: object + standardManagementConfig: + description: Immutable. 
Configuration of the standard (GKE) cluster + management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. 
Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + required: + - masterIPv4CidrBlock + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + usePrivateEndpoint: + description: Immutable. Only allow access to the master's private + endpoint IP. + type: boolean + required: + - location + - managementConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gkeResourceLink: + description: Output only. KrmApiHost GCP self link used for identifying + the underlying endpoint (GKE cluster currently). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current state of the internal state + machine for the KrmApiHost. 
Possible values: STATE_UNSPECIFIED, + CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisNote + plural: containeranalysisnotes + shortNames: + - gcpcontaineranalysisnote + - gcpcontaineranalysisnotes + singular: containeranalysisnote + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: A note describing an attestation role. + properties: + hint: + description: Hint hints at the purpose of the attestation authority. + properties: + humanReadableName: + description: Required. The human readable name of this attestation + authority, for example "qa". + type: string + required: + - humanReadableName + type: object + type: object + build: + description: A note describing build provenance for a verifiable build. + properties: + builderVersion: + description: Required. Immutable. Version of the builder which + produced this build. + type: string + required: + - builderVersion + type: object + deployment: + description: A note describing something that can be deployed. + properties: + resourceUri: + description: Required. Resource URI for the artifact being deployed. + items: + type: string + type: array + required: + - resourceUri + type: object + discovery: + description: A note describing the initial analysis of a resource. + properties: + analysisKind: + description: 'The kind of analysis that is handled by this discovery. + Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, + IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + required: + - analysisKind + type: object + expirationTime: + description: Time of expiration for this note. Empty if note does + not expire. + format: date-time + type: string + image: + description: A note describing a base image. + properties: + fingerprint: + description: Required. Immutable. 
The fingerprint of the base + image. + properties: + v1Name: + description: Required. The layer ID of the final layer in + the Docker image's v1 representation. + type: string + v2Blob: + description: Required. The ordered list of v2 blobs that represent + a given image. + items: + type: string + type: array + required: + - v1Name + - v2Blob + type: object + resourceUrl: + description: Required. Immutable. The resource_url for the resource + representing the basis of associated occurrence images. + type: string + required: + - fingerprint + - resourceUrl + type: object + longDescription: + description: A detailed description of this note. + type: string + package: + description: Required for non-Windows OS. The package this Upgrade + is for. + properties: + distribution: + description: The various channels by which a package is distributed. + items: + properties: + architecture: + description: 'The CPU architecture for which packages in + this distribution channel were built Possible values: + ARCHITECTURE_UNSPECIFIED, X86, X64' + type: string + cpeUri: + description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) + denoting the package manager version distributing a package. + type: string + description: + description: The distribution channel-specific description + of this package. + type: string + latestVersion: + description: The latest available version of this package + in this distribution channel. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Distinguish between sentinel MIN/MAX versions + and normal versions. If kind is not NORMAL, then the + other fields are ignored. 
Possible values: VERSION_KIND_UNSPECIFIED, + NORMAL, MINIMUM, MAXIMUM' + type: string + name: + description: The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + maintainer: + description: A freeform string denoting the maintainer of + this package. + type: string + url: + description: The distribution channel-specific homepage + for this package. + type: string + required: + - cpeUri + type: object + type: array + name: + description: The name of the package. + type: string + required: + - name + type: object + relatedNoteNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + relatedUrl: + description: URLs associated with this note. + items: + properties: + label: + description: Label to describe usage of the URL + type: string + url: + description: Specific URL to associate with the note + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shortDescription: + description: A one sentence description of this note. 
+ type: string + vulnerability: + description: A note describing a package vulnerability. + properties: + cvssScore: + description: The CVSS score of this vulnerability. CVSS score + is on a scale of 0 - 10 where 0 indicates low severity and 10 + indicates high severity. + format: double + type: number + cvssV3: + description: The full description of the CVSSv3 for this vulnerability. + properties: + attackComplexity: + description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, + ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' + type: string + attackVector: + description: 'Base Metrics Represents the intrinsic characteristics + of a vulnerability that are constant over time and across + user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, + ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, + ATTACK_VECTOR_PHYSICAL' + type: string + availabilityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + baseScore: + description: The base score is a function of the base metric + scores. 
+ format: double + type: number + confidentialityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + exploitabilityScore: + format: double + type: number + impactScore: + format: double + type: number + integrityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + privilegesRequired: + description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, + PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' + type: string + scope: + description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, + SCOPE_CHANGED' + type: string + userInteraction: + description: ' Possible values: USER_INTERACTION_UNSPECIFIED, + USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' + type: string + type: object + details: + description: Details of all known distros and packages affected + by this vulnerability. + items: + properties: + affectedCpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + affectedPackage: + description: Required. The package this vulnerability affects. + type: string + affectedVersionEnd: + description: 'The version number at the end of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. 
Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + affectedVersionStart: + description: 'The version number at the start of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + description: + description: A vendor-specific description of this vulnerability. + type: string + fixedCpeUri: + description: The distro recommended (https://cpe.mitre.org/specification/) + to update to that contains a fix for this vulnerability. 
+ It is possible for this to be different from the affected_cpe_uri. + type: string + fixedPackage: + description: The distro recommended package to update to + that contains a fix for this vulnerability. It is possible + for this to be different from the affected_package. + type: string + fixedVersion: + description: The distro recommended version to update to + that contains a fix for this vulnerability. Setting this + to VersionKind.MAXIMUM means no such version is yet available. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + isObsolete: + description: Whether this detail is obsolete. Occurrences + are expected not to point to obsolete details. + type: boolean + packageType: + description: The type of package; whether native or non + native (e.g., ruby gems, node.js packages, etc.). + type: string + severityName: + description: The distro assigned severity of this vulnerability. + type: string + sourceUpdateTime: + description: The time this information was last changed + at the source. This is an upstream timestamp from the + underlying information source - e.g. Ubuntu security tracker. 
+ format: date-time + type: string + required: + - affectedCpeUri + - affectedPackage + type: object + type: array + severity: + description: 'The note provider assigned severity of this vulnerability. + Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, + HIGH, CRITICAL' + type: string + sourceUpdateTime: + description: The time this information was last changed at the + source. This is an upstream timestamp from the underlying information + source - e.g. Ubuntu security tracker. + format: date-time + type: string + windowsDetails: + description: Windows details get their own format because the + information format and model don't match a normal detail. Specifically + Windows updates are done as patches, thus Windows vulnerabilities + really are a missing package, rather than a package being at + an incorrect version. + items: + properties: + cpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + description: + description: The description of this vulnerability. + type: string + fixingKbs: + description: Required. The names of the KBs which have hotfixes + to mitigate this vulnerability. Note that there may be + multiple hotfixes (and thus multiple KBs) that mitigate + a given vulnerability. Currently any listed KBs presence + is considered a fix. + items: + properties: + name: + description: The KB name (generally of the form KB+ + (e.g., KB123456)). + type: string + url: + description: A link to the KB in the (https://www.catalog.update.microsoft.com/). + type: string + type: object + type: array + name: + description: Required. The name of this vulnerability. + type: string + required: + - cpeUri + - fixingKbs + - name + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerclusters.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerCluster + plural: containerclusters + shortNames: + - gcpcontainercluster + - gcpcontainerclusters + singular: containercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: The configuration for addons supported by GKE. + properties: + cloudrunConfig: + description: The status of the CloudRun addon. It is disabled + by default. Set disabled = false to enable. + properties: + disabled: + type: boolean + loadBalancerType: + type: string + required: + - disabled + type: object + configConnectorConfig: + description: The of the Config Connector addon. + properties: + enabled: + type: boolean + required: + - enabled + type: object + dnsCacheConfig: + description: The status of the NodeLocal DNSCache addon. It is + disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcePersistentDiskCsiDriverConfig: + description: Whether this cluster should enable the Google Compute + Engine Persistent Disk Container Storage Interface (CSI) Driver. + Defaults to enabled; set disabled = true to disable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcpFilestoreCsiDriverConfig: + description: The status of the Filestore CSI driver addon, which + allows the usage of filestore instance as volumes. Defaults + to disabled; set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gkeBackupAgentConfig: + description: The status of the Backup for GKE Agent addon. It + is disabled by default. Set enabled = true to enable. 
+ properties: + enabled: + type: boolean + required: + - enabled + type: object + horizontalPodAutoscaling: + description: The status of the Horizontal Pod Autoscaling addon, + which increases or decreases the number of replica pods a replication + controller has based on the resource usage of the existing pods. + It ensures that a Heapster pod is running in the cluster, which + is also used by the Cloud Monitoring service. It is enabled + by default; set disabled = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + httpLoadBalancing: + description: The status of the HTTP (L7) load balancing controller + addon, which makes it easy to set up HTTP load balancers for + services in a cluster. It is enabled by default; set disabled + = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + istioConfig: + description: The status of the Istio addon. + properties: + auth: + description: The authentication type between services in Istio. + Available options include AUTH_MUTUAL_TLS. + type: string + disabled: + description: The status of the Istio addon, which makes it + easy to set up Istio for services in a cluster. It is disabled + by default. Set disabled = false to enable. + type: boolean + required: + - disabled + type: object + kalmConfig: + description: Configuration for the KALM addon, which manages the + lifecycle of k8s. It is disabled by default; Set enabled = true + to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + networkPolicyConfig: + description: Whether we should enable the network policy addon + for the master. This must be enabled in order to enable network + policy for the nodes. To enable this, you must also define a + network_policy block, otherwise nothing will happen. It can + only be disabled if the nodes already do not have network policies + enabled. Defaults to disabled; set disabled = false to enable. 
+ properties: + disabled: + type: boolean + required: + - disabled + type: object + type: object + authenticatorGroupsConfig: + description: Configuration for the Google Groups for GKE feature. + properties: + securityGroup: + description: The name of the RBAC security group for use with + Google security groups in Kubernetes RBAC. Group name must be + in format gke-security-groups@yourdomain.com. + type: string + required: + - securityGroup + type: object + binaryAuthorization: + description: Configuration options for the Binary Authorization feature. + properties: + enabled: + description: DEPRECATED. Deprecated in favor of evaluation_mode. + Enable Binary Authorization for this cluster. + type: boolean + evaluationMode: + description: Mode of operation for Binary Authorization policy + evaluation. + type: string + type: object + clusterAutoscaling: + description: Per-cluster configuration of Node Auto-Provisioning with + Cluster Autoscaler to automatically adjust the size of the cluster + and create/delete node pools based on the current needs of the cluster's + workload. See the guide to using Node Auto-Provisioning for more + details. + properties: + autoProvisioningDefaults: + description: Contains defaults for a node pool created by NAP. + properties: + bootDiskKMSKeyRef: + description: |- + Immutable. The Customer Managed Encryption Key used to encrypt the + boot disk attached to each node in the node pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSize: + description: Size of the disk attached to each node, specified + in GB. The smallest allowed disk size is 10GB. + type: integer + imageType: + description: The default image type used by NAP once a new + node pool is being created. + type: string + management: + description: NodeManagement configuration for this NodePool. + properties: + autoRepair: + description: Specifies whether the node auto-repair is + enabled for the node pool. If enabled, the nodes in + this node pool will be monitored and, if they fail health + checks too many times, an automatic repair action will + be triggered. + type: boolean + autoUpgrade: + description: Specifies whether node auto-upgrade is enabled + for the node pool. If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the + latest release version of Kubernetes. + type: boolean + upgradeOptions: + description: Specifies the Auto Upgrade knobs for the + node pool. + items: + properties: + autoUpgradeStartTime: + description: This field is set when upgrades are + about to commence with the approximate start time + for the upgrades, in RFC3339 text format. + type: string + description: + description: This field is set when upgrades are + about to commence with the description of the + upgrade. + type: string + type: object + type: array + type: object + minCpuPlatform: + description: Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or newer + CPU platform. Applicable values are the friendly names of + CPU platforms, such as Intel Haswell. + type: string + oauthScopes: + description: Scopes that are used by NAP when creating node + pools. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Defines whether the instance has Secure Boot + enabled. + type: boolean + type: object + upgradeSettings: + description: Specifies the upgrade settings for NAP created + node pools. + properties: + blueGreenSettings: + description: Settings for blue-green upgrade strategy. + properties: + nodePoolSoakDuration: + description: "Time needed after draining entire blue + pool. After this period, blue pool will be cleaned + up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration + in seconds with up to nine fractional digits, ending + with 's'. Example: \"3.5s\"." + type: string + standardRolloutPolicy: + description: Standard policy for the blue-green upgrade. + properties: + batchNodeCount: + description: Number of blue nodes to drain in + a batch. + type: integer + batchPercentage: + description: Percentage of the bool pool nodes + to drain in a batch. The range of this field + should be (0.0, 1.0]. 
+ type: number + batchSoakDuration: + description: "Soak time after each batch gets + drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA + duration in seconds with up to nine fractional + digits, ending with 's'. Example: \"3.5s\"." + type: string + type: object + type: object + maxSurge: + description: The maximum number of nodes that can be created + beyond the current size of the node pool during the + upgrade process. + type: integer + maxUnavailable: + description: The maximum number of nodes that can be simultaneously + unavailable during the upgrade process. + type: integer + strategy: + description: Update strategy of the node pool. + type: string + type: object + type: object + autoscalingProfile: + description: Configuration options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler + should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED + or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string + enabled: + description: Whether node auto-provisioning is enabled. Resource + limits for cpu and memory must be defined to enable node auto-provisioning. + type: boolean + resourceLimits: + description: Global constraints for machine resources in the cluster. + Configuring the cpu and memory types is required if node auto-provisioning + is enabled. These limits will apply to node pool autoscaling + in addition to node auto-provisioning. + items: + properties: + maximum: + description: Maximum amount of the resource in the cluster. + type: integer + minimum: + description: Minimum amount of the resource in the cluster. + type: integer + resourceType: + description: The type of the resource. For example, cpu + and memory. See the guide to using Node Auto-Provisioning + for a list of types. + type: string + required: + - resourceType + type: object + type: array + type: object + clusterIpv4Cidr: + description: Immutable. 
The IP address range of the Kubernetes pods + in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank + to have one automatically chosen or specify a /14 block in 10.0.0.0/8. + This field will only work for routes-based clusters, where ip_allocation_policy + is not defined. + type: string + clusterTelemetry: + description: Telemetry integration for the cluster. + properties: + type: + description: Type of the integration. + type: string + required: + - type + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: This + configuration can''t be changed (or added/removed) after cluster + creation without deleting and recreating the entire cluster.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature is + enabled for all nodes in this cluster. + type: boolean + required: + - enabled + type: object + costManagementConfig: + description: Cost management configuration for the cluster. + properties: + enabled: + description: Whether to enable GKE cost allocation. When you enable + GKE cost allocation, the cluster name and namespace of your + GKE workloads appear in the labels field of the billing export + to BigQuery. Defaults to false. + type: boolean + required: + - enabled + type: object + databaseEncryption: + description: 'Application-layer Secrets Encryption settings. The object + format is {state = string, key_name = string}. Valid values of state + are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS + key.' + properties: + keyName: + description: The key to use to encrypt/decrypt secrets. + type: string + state: + description: ENCRYPTED or DECRYPTED. + type: string + required: + - state + type: object + datapathProvider: + description: Immutable. The desired datapath provider for this cluster. + By default, uses the IPTables-based kube-proxy implementation. 
+ type: string + defaultMaxPodsPerNode: + description: Immutable. The default maximum number of pods per node + in this cluster. This doesn't work on "routes-based" clusters, clusters + that don't have IP Aliasing enabled. + type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object + description: + description: Immutable. Description of the cluster. + type: string + dnsConfig: + description: Immutable. Configuration for Cloud DNS for Kubernetes + Engine. + properties: + clusterDns: + description: Which in-cluster DNS provider should be used. + type: string + clusterDnsDomain: + description: The suffix used for all cluster service records. + type: string + clusterDnsScope: + description: The scope of access to cluster DNS records. + type: string + type: object + enableAutopilot: + description: Immutable. Enable Autopilot for this cluster. + type: boolean + enableBinaryAuthorization: + description: DEPRECATED. Deprecated in favor of binary_authorization. + Enable Binary Authorization for this cluster. If enabled, all container + images will be validated by Google Binary Authorization. + type: boolean + enableIntranodeVisibility: + description: Whether Intra-node visibility is enabled for this cluster. + This makes same node pod to pod traffic visible for VPC network. + type: boolean + enableKubernetesAlpha: + description: Immutable. Whether to enable Kubernetes Alpha features + for this cluster. Note that when this option is enabled, the cluster + cannot be upgraded and will be automatically deleted after 30 days. 
+ type: boolean + enableL4IlbSubsetting: + description: Whether L4ILB Subsetting is enabled for this cluster. + type: boolean + enableLegacyAbac: + description: Whether the ABAC authorizer is enabled for this cluster. + When enabled, identities in the system, including service accounts, + nodes, and controllers, will have statically granted permissions + beyond those provided by the RBAC configuration or IAM. Defaults + to false. + type: boolean + enableShieldedNodes: + description: Enable Shielded Nodes features on all nodes in this cluster. + Defaults to true. + type: boolean + enableTpu: + description: Immutable. Whether to enable Cloud TPU resources in this + cluster. + type: boolean + gatewayApiConfig: + description: Configuration for GKE Gateway API controller. + properties: + channel: + description: The Gateway API release channel to use for Gateway + API. + type: string + required: + - channel + type: object + identityServiceConfig: + description: Configuration for Identity Service which allows customers + to use external identity providers with the K8S API. + properties: + enabled: + description: Whether to enable the Identity Service component. + type: boolean + type: object + initialNodeCount: + description: Immutable. The number of nodes to create in this cluster's + default node pool. In regional or multi-zonal clusters, this is + the number of nodes per zone. Must be set if node_pool is not set. + If you're using google_container_node_pool objects with no default + node pool, you'll need to set this to a value of at least 1, alongside + setting remove_default_node_pool to true. + type: integer + ipAllocationPolicy: + description: Immutable. Configuration of cluster IP allocation for + VPC-native clusters. Adding this block enables IP aliasing, making + the cluster VPC-native instead of routes-based. + properties: + clusterIpv4CidrBlock: + description: Immutable. The IP address range for the cluster pod + IPs. 
Set to blank to have a range chosen with the default size. + Set to /netmask (e.g. /14) to have a range chosen with a specific + netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the + RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) + to pick a specific range to use. + type: string + clusterSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for pod IP addresses. Alternatively, + cluster_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + servicesIpv4CidrBlock: + description: Immutable. The IP address range of the services IPs + in this cluster. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + servicesSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for service ClusterIPs. Alternatively, + services_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + type: object + location: + description: Immutable. The location (region or zone) in which the + cluster master will be created, as well as the default node location. + If you specify a zone (such as us-central1-a), the cluster will + be a zonal cluster with a single cluster master. If you specify + a region (such as us-west1), the cluster will be a regional cluster + with multiple masters spread across zones in the region, and with + default node locations in those zones as well. + type: string + loggingConfig: + description: Logging configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing logs. 
Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + required: + - enableComponents + type: object + loggingService: + description: The logging service that the cluster should write logs + to. Available options include logging.googleapis.com(Legacy Stackdriver), + logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine + Logging), and none. Defaults to logging.googleapis.com/kubernetes. + type: string + maintenancePolicy: + description: The maintenance policy to use for the cluster. + properties: + dailyMaintenanceWindow: + description: 'Time window specified for daily maintenance operations. + Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] + and MM : [00-59] GMT.' + properties: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. 
Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. + type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). 
+ type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. 
+ type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. 
+ items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. + type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. 
+ items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. + properties: + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. + type: string + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. + type: string + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. 
+ By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. + properties: + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. + * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string + required: + - channel + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. 
+ properties: + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. + properties: + datasetId: + description: The ID of a BigQuery Dataset. + type: string + required: + - datasetId + type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
+ properties: + enabled: + description: Enables vertical pod autoscaling. + type: boolean + required: + - enabled + type: object + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time 
for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. + type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. 
+ type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. 
+ type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. 
+ type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + is 375 GB in size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. 
+ properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. 
+ type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. 
+ type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. + items: + properties: + effect: + description: Immutable. Effect for taint. + type: string + key: + description: Immutable. Key for taint. + type: string + value: + description: Immutable. Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: The workload metadata configuration for this node. 
+ properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer + nodeLocations: + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. + items: + type: string + type: array + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. + type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. 
+ properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. 
+ items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + taxonomyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - displayName + - taxonomyRef + type: object + status: + properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Taxonomy location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: + type: string + parameters: + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + required: + - containerSpecGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowjobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowJob + plural: dataflowjobs + shortNames: + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". + type: string + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. + type: string + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. More workers may improve processing speed at additional + cost. + type: integer + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string + required: + - tempGcsLocation + - templateGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + description: The unique ID of this job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: datafusioninstances.datafusion.cnrm.cloud.google.com +spec: + group: datafusion.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataFusionInstance + plural: datafusioninstances + shortNames: + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. + type: string + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. 
+ properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. 
Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. + type: string + required: + - location + - type + type: object + status: + properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string + state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies + shortNames: + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + basicAlgorithm: + properties: + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' + type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. + A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' 
+ format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. + properties: + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + type: object + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. 
+ properties: + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + required: + - maxInstances + type: object + required: + - basicAlgorithm + - location + - workerConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocclusters.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocCluster + plural: dataprocclusters + shortNames: + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. 
The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. 
+ type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. 
The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. 
If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. 
+ properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. 
Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. 
The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. 
The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource, usually a GCP + region. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The Google Cloud Platform project ID that the cluster belongs to. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. + properties: + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. 
+ properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. 
+ items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. 
[Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. 
+ items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. 
The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. + The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kubernetesClusterConfig + type: object + required: + - location + type: object + status: + properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). 
+ Dataproc generates this value when it creates the cluster. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. 
+ type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. 
This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. 
It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. 
Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates + shortNames: + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. 
HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. 
+ type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains Hive queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' 
+ type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. 
Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: + type: string + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. + properties: + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. See the Presto documentation + for supported output formats + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + type: object + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
+ properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: + type: string + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. 
HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. 
+ properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. 
The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. 
+ type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize 
maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: + type: string + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. 
+ type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. + type: string + required: + - clusterLabels + type: object + managedCluster: + description: Immutable. A cluster that is managed by the workflow. + properties: + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. 
This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. 
+ properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. + You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. 
See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. 
If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. 
The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object + required: + - clusterName + - config + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - jobs + - location + - placement + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time template was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. 
The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. 
+ type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPDeidentifyTemplate + plural: dlpdeidentifytemplates + shortNames: + - gcpdlpdeidentifytemplate + - gcpdlpdeidentifytemplates + singular: dlpdeidentifytemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + deidentifyConfig: + description: The core content of the template. + properties: + infoTypeTransformations: + description: Treat the dataset as free-form text and apply the + same free text transformation everywhere. + properties: + transformations: + description: Required. Transformation for each infoType. Cannot + specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation to. + An empty list will cause this transformation to apply + to all findings that correspond to infoTypes that + were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation to apply + to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. 
+ type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. 
In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. 
+ The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + recordTransformations: + description: Treat the dataset as structured. Transformations + can be applied to specific locations within structured datasets, + such as transforming a column within a table. + properties: + fieldTransformations: + description: Transform the record by applying various field + transformations. + items: + properties: + condition: + description: 'Only apply the transformation if the condition + evaluates to true for the given `RecordCondition`. + The conditions are allowed to reference fields that + are not used in the actual transformation. Example + Use Cases: - Apply a different bucket transformation + to an age column if the zip code column for the same + record is within a specific range. - Redact a field + if the date of birth field is greater than 85.' + properties: + expressions: + description: An expression. 
+ properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + fields: + description: Required. Input field(s) to apply the transformation + to. When you have columns that reference their position + within a list, omit the index from the FieldId. FieldId + name matching ignores the index. For example, instead + of "contact.nums[0].type", use "contact.nums.type". + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + infoTypeTransformations: + description: Treat the contents of the field as free + text, and selectively transform content that matches + an `InfoType`. + properties: + transformations: + description: Required. Transformation for each infoType. + Cannot specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation + to. An empty list will cause this transformation + to apply to all findings that correspond + to infoTypes that were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. 
When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation + to apply to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges + must be non-overlapping. + items: + properties: + max: + description: Upper bound of + the range, exclusive; type + must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. 
+ Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of + the range, inclusive. Type + should be the same as max + if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement + value for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. 
Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, + items in this list will be skipped + when replacing characters. For example, + if the input string is `555-555-5555` + and you instruct Cloud DLP to skip + `-` and mask 5 characters with `*`, + Cloud DLP returns `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not + transform when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters + to not transform when masking. + Useful to avoid removing punctuation. + Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, + ALPHA_LOWER_CASE, PUNCTUATION, + WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask + the sensitive values—for example, + `*` for an alphabetic string such + as a name, or `0` for a numeric + string such as ZIP code or credit + card number. This string must have + a length of 1. If not supplied, + this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters + to mask. If not set, all matching + chars will be masked. Skipped characters + do not count towards this tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse + order. For example, if `masking_character` + is `0`, `number_to_mask` is `14`, + and `reverse_order` is `false`, + then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
+ If `masking_character` is `*`, `number_to_mask` + is `3`, and `reverse_order` is `true`, + then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. 
+ properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift + in days. 
Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. 
Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. 
Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. 
Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. 
Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. 
The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. 
+ The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. 
+ type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. 
+ properties: + dictionary: + description: Dictionary which defines the rule. + properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. + properties: + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. 
Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. 
+ Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. 
If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. 
+ items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. 
Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. 
+ Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. 
+ format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. 
If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. 
When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. 
+ properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name + for this InfoType. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. 
+ Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. 
Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. + format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. + properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. 
If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: + properties: + name: + description: Name describing the field. 
+ type: string + type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. + If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. + type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' 
+ type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. + [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. 
+ properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. + properties: + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl + type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. 
+ type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: eventarctriggers.eventarc.cnrm.cloud.google.com +spec: + group: eventarc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EventarcTrigger + plural: eventarctriggers + shortNames: + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. 
Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. 
+ type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. + + Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. 
+ format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: + properties: + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. 
Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string + type: object + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
+ items: + type: string + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. 
+ format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. 
Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships + shortNames: + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configmanagement: + description: Config Management-specific spec. + properties: + binauthz: + description: Binauthz configuration for the cluster. + properties: + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean + type: object + configSync: + description: Config Sync configuration for the cluster. + properties: + git: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. 
+ type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. 
+ type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string + type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string + type: object + hierarchyController: + description: Hierarchy Controller configuration for the cluster. + properties: + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean + type: object + policyController: + description: Policy Controller configuration for the cluster. + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + type: string + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. 
For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean + type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string + type: object + featureRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mesh: + description: Manage Mesh Features + properties: + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - featureRef + - location + - membershipRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeatures.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeature + plural: gkehubfeatures + shortNames: + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. + properties: + multiclusteringress: + description: Multicluster Ingress-specific spec. + properties: + configMembershipRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. 
Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - configMembershipRef + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubmemberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubMembership + plural: gkehubmemberships + shortNames: + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + properties: + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. + `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string + type: object + description: + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' + type: string + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. 
This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. 
+ format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. 
+ type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' 
+ type: string + required: + - auditLogConfigs + - resourceRef + - service + type: object + status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + properties: + conditions: + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMCustomRole + plural: iamcustomroles + shortNames: + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description for the role. + type: string + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string + required: + - permissions + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampartialpolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPartialPolicy + plural: iampartialpolicies + shortNames: + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy + properties: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + oneOf: + - required: + - member + - required: + - memberFrom + properties: + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy + properties: + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicy + plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicySpec defines the desired state of IAMPolicy + properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPolicyStatus defines the observed state of IAMPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicymembers.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicyMember + plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicyMember is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom + properties: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - resourceRef + - role + type: object + status: + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys + shortNames: + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + type: string + privateKeyType: + description: Immutable. + type: string + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. + type: string + publicKeyType: + description: Immutable. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Immutable. The name used for this key pair. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccount + plural: iamserviceaccounts + shortNames: + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. + type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. 
+ type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + 
name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. 
Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. 
You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' 
+ type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - attributeMapping + - location + - workforcePoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. 
The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePool + plural: iamworkforcepools + shortNames: + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). + type: string + required: + - location + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders + shortNames: + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. 
+ * `google.groups`: Groups the external identity belongs to. You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. 
If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - workloadIdentityPoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools + shortNames: + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the pool. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A display name for the pool. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapbrands.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPBrand + plural: iapbrands + shortNames: + - gcpiapbrand + - gcpiapbrands + singular: iapbrand + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationTitle: + description: Immutable. Application name displayed on OAuth consent + screen. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients + shortNames: + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + brandRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: Immutable. Human-friendly name given to the OAuth client. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - brandRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: Output only. Client secret of the OAuth client. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformConfig + plural: identityplatformconfigs + shortNames: + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: + type: string + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object + type: object + client: + description: Options related to how clients making requests on behalf + of a project should be configured. + properties: + permissions: + description: Configuration related to restricting a user's ability + to affect their account. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + monitoring: + description: Configuration related to monitoring project activity. + properties: + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. 
+ type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. + type: string + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + quota: + description: Configuration related to quotas. + properties: + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. 
+ properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + client: + properties: + apiKey: + description: Output only. API key that can be used when making + requests for this project. + type: string + firebaseSubdomain: + description: Output only. Firebase subdomain. 
+ type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. 
+ type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' + type: string + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. 
Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. 
Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs + shortNames: + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantOAuthIDPConfig + plural: identityplatformtenantoauthidpconfigs + shortNames: + - gcpidentityplatformtenantoauthidpconfig + - gcpidentityplatformtenantoauthidpconfigs + singular: identityplatformtenantoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + tenantRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The tenant for the resource + + Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tenantRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenants.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenant + plural: identityplatformtenants + shortNames: + - gcpidentityplatformtenant + - gcpidentityplatformtenants + singular: identityplatformtenant + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowPasswordSignup: + description: Whether to allow email/password user authentication. + type: boolean + disableAuth: + description: Whether authentication is disabled for the tenant. If + true, the users under the disabled tenant are not allowed to sign-in. + Admins of the disabled tenant are not able to manage its users. + type: boolean + displayName: + description: Display name of the tenant. + type: string + enableAnonymousUser: + description: Whether to enable anonymous user authentication. + type: boolean + enableEmailLinkSignin: + description: Whether to enable email link user authentication. + type: boolean + mfaConfig: + description: The tenant-level configuration of MFA options. + properties: + enabledProviders: + description: A list of usable second factors for this project. + items: + type: string + type: array + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testPhoneNumbers: + additionalProperties: + type: string + description: A map of pairs that can + be used for MFA. 
The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) + and a maximum of 10 pairs can be added (error will be thrown once + exceeded). + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeys.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKey + plural: kmscryptokeys + shortNames: + - gcpkmscryptokey + - gcpkmscryptokeys + singular: kmscryptokey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. 
+ The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogbuckets.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogBucket + plural: logginglogbuckets + shortNames: + - gcplogginglogbucket + - gcplogginglogbuckets + singular: logginglogbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this bucket. + type: string + folderRef: + description: Immutable. 
The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + locked: + description: Whether the bucket has been locked. The retention period + on a locked bucket may not be changed. Locked buckets may only be + deleted if they are empty. + type: boolean + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionDays: + description: Logs will be retained by default for this amount of time, + after which they will automatically be deleted. The minimum retention + period is 1 day. If this value is set to zero at bucket creation + time, the default time of 30 days will be used. + format: int64 + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the bucket. This + is not set for any of the default buckets. + format: date-time + type: string + lifecycleState: + description: 'Output only. The bucket lifecycle state. Possible values: + LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the bucket. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogexclusions.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogExclusion + plural: logginglogexclusions + shortNames: + - gcplogginglogexclusion + - gcplogginglogexclusions + singular: logginglogexclusion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - projectRef + - required: + - folderRef + - required: + - organizationRef + - required: + - billingAccountRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A description of this exclusion. + type: string + disabled: + description: Optional. If set to True, then this exclusion is disabled + and it does not exclude any log entries. You can update an exclusion + to change the value of this field. + type: boolean + filter: + description: 'Required. 
An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), + you can exclude less than 100% of the matching log entries. For + example, the following query matches 99% of low-severity log entries + from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the exclusion. 
+ This field may not be present for older exclusions. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the exclusion. + This field may not be present for older exclusions. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogmetrics.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogMetric + plural: logginglogmetrics + shortNames: + - gcplogginglogmetric + - gcplogginglogmetrics + singular: logginglogmetric + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketOptions: + description: Optional. The `bucket_options` are required when the + logs-based metric is using a DISTRIBUTION value type and it describes + the bucket boundaries used to create a histogram of the extracted + values. + properties: + explicitBuckets: + description: The explicit buckets. + properties: + bounds: + description: The values must be monotonically increasing. + items: + format: double + type: number + type: array + type: object + exponentialBuckets: + description: The exponential buckets. + properties: + growthFactor: + description: Must be greater than 1. + format: double + type: number + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + scale: + description: Must be greater than 0. + format: double + type: number + type: object + linearBuckets: + description: The linear bucket. + properties: + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + offset: + description: Lower bound of the first bucket. + format: double + type: number + width: + description: Must be greater than 0. 
+ format: double + type: number + type: object + type: object + description: + description: Optional. A description of this metric, which is used + in documentation. The maximum length of the description is 8000 + characters. + type: string + disabled: + description: Optional. If set to True, then this metric is disabled + and it does not generate any points. + type: boolean + filter: + description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) + which is used to match log entries. Example: "resource.type=gae_app + AND severity>=ERROR" The maximum length of the filter is 20000 characters.' + type: string + labelExtractors: + additionalProperties: + type: string + description: Optional. A map from a label key string to an extractor + expression which is used to extract data from a log entry field + and assign as the label value. Each label key specified in the LabelDescriptor + must have an associated extractor expression in this map. The syntax + of the extractor expression is the same as for the `value_extractor` + field. The extracted value is converted to the type defined in the + label descriptor. If the either the extraction or the type conversion + fails, the label will have a default value. The default value for + a string label is an empty string, for an integer label its 0, and + for a boolean label its `false`. Note that there are upper bounds + on the maximum number of labels and the number of active time series + that are allowed in a project. + type: object + metricDescriptor: + description: Optional. The metric descriptor associated with the logs-based + metric. If unspecified, it uses a default metric descriptor with + a DELTA metric kind, INT64 value type, with no labels and a unit + of "1". Such a metric counts the number of log entries matching + the `filter` expression. 
The `name`, `type`, and `description` fields + in the `metric_descriptor` are output only, and is constructed using + the `name` and `description` field in the LogMetric. To create a + logs-based metric that records a distribution of log values, a DELTA + metric kind with a DISTRIBUTION value type must be used along with + a `value_extractor` expression in the LogMetric. Each label in the + metric descriptor must have a matching label name as the key and + an extractor expression as the value in the `label_extractors` map. + The `metric_kind` and `value_type` fields in the `metric_descriptor` + cannot be updated once initially configured. New labels can be added + in the `metric_descriptor`, but existing labels cannot be modified + except for their description. + properties: + displayName: + description: A concise name for the metric, which can be displayed + in user interfaces. Use sentence case without an ending period, + for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: The set of labels that can be used to describe a + specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just + for responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for + the label. + type: string + key: + description: Immutable. The label key. + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64, DOUBLE, + DISTRIBUTION, MONEY' + type: string + type: object + type: array + launchStage: + description: 'Optional. The launch stage of the metric definition. 
+ Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, + BETA, GA, DEPRECATED' + type: string + metadata: + description: Optional. Metadata which can be used to guide usage + of the metric. + properties: + ingestDelay: + description: The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + samplePeriod: + description: The sampling period of metric data points. For + metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data + loss due to errors. Metrics with a higher granularity have + a smaller sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: GAUGE, + DELTA, CUMULATIVE' + type: string + unit: + description: 'The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of + the stored metric values. Different systems might scale the + values to be more easily displayed (so a value of `0.02kBy` + _might_ be displayed as `20By`, and a value of `3523kBy` _might_ + be displayed as `3.5MBy`). However, if the `unit` is `kBy`, + then the value of the metric is always in thousands of bytes, + no matter how it might be displayed. If you want a custom metric + to record the exact number of CPU-seconds used by a job, you + can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` + (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 + CPU-seconds, then the value is written as `12005`. 
Alternatively, + if you want a custom metric to record data in a more granular + way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` + is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), + or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: + **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second + * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes + (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) + * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` + zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` + micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto + (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto + (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) + * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar + also includes these connectors: * `/` division or ratio (as + an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` + (although you should almost never have `/s` in a metric `unit`; + rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. + The grammar for a unit is as follows: Expression = Component: + { "." Component } { "/" Component } ; Component = ( [ PREFIX + ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation + = "{" NAME "}" ; Notes: * `Annotation` is just a comment if + it follows a `UNIT`. If the annotation is used alone, then the + unit is equivalent to `1`. For examples, `{request}/s == 1/s`, + `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank + printable ASCII characters not containing `{` or `}`. 
* `1` + represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) + of 1, such as in `1/s`. It is typically used when none of the + basic units are appropriate. For example, "new users per day" + can be represented as `1/d` or `{new-users}/d` (and a metric + value `5` would mean "5 new users). Alternatively, "thousands + of page views per day" would be represented as `1000/d` or `k1/d` + or `k{page_views}/d` (and a metric value of `5.3` would mean + "5300 page views per day"). * `%` represents dimensionless value + of 1/100, and annotates values giving a percentage (so the metric + values are typically in the range of 0..100, and a metric value + `3` means "3 percent"). * `10^2.%` indicates a metric contains + a ratio, typically in the range 0..1, that will be multiplied + by 100 and displayed as a percentage (so a metric value `0.03` + means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, + a floating-point number, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: STRING, + BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the project in which to create the metric. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueExtractor: + description: 'Optional. A `value_extractor` is required when using + a distribution logs-based metric to extract the values to record + from a log entry. Two functions are supported for value extraction: + `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument + are: 1. field: The name of the log entry field from which the value + is to be extracted. 2. regex: A regular expression using the Google + RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single + capture group to extract data from the specified log entry field. + The value of the field is converted to a string before applying + the regex. It is an error to specify a regex that does not include + exactly one capture group. The result of the extraction must be + convertible to a double type, as the distribution always records + double values. If either the extraction or the conversion to double + fails, then those values are not recorded in the distribution. Example: + `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' + type: string + required: + - filter + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the metric. This + field may not be present for older metrics. + format: date-time + type: string + metricDescriptor: + properties: + description: + description: A detailed description of the metric, which can be + used in documentation. + type: string + monitoredResourceTypes: + description: Read-only. If present, then a time series, which + is identified partially by a metric type and a MonitoredResourceDescriptor, + that is associated with this metric type can only be associated + with one of the monitored resource types listed here. + items: + type: string + type: array + name: + description: The resource name of the metric descriptor. + type: string + type: + description: 'The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For + example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the metric. + This field may not be present for older metrics. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used + instead. In both cases, tables are sharded based on UTC timezone. + type: boolean + required: + - usePartitionedTables + type: object + description: + description: A description of this sink. The maximum length of the + description is 8000 characters. + type: string + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - loggingLogBucketRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, + where {{value}} is the `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + loggingLogBucketRef: + description: Only `external` field is supported to configure the + reference. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, + where {{value}} is the `name` field of a `LoggingLogBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, + where {{value}} is the `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + disabled: + description: If set to True, then this sink is disabled and it does + not export any log entries. + type: boolean + exclusions: + description: Log entries that match any of the exclusion filters will + not be exported. If a log entry is matched by both filter and one + of exclusion's filters, it will not be exported. + items: + properties: + description: + description: A description of this exclusion. + type: string + disabled: + description: If set to True, then this exclusion is disabled + and it does not exclude any log entries. + type: boolean + filter: + description: An advanced logs filter that matches the log entries + to be excluded. By using the sample function, you can exclude + less than 100% of the matching log entries. + type: string + name: + description: A client-assigned identifier, such as "load-balancer-exclusion". + Identifiers are limited to 100 characters and can include + only letters, digits, underscores, hyphens, and periods. First + character has to be alphanumeric. + type: string + required: + - filter + - name + type: object + type: array + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Immutable. Whether or not to include children organizations + in the sink export. If true, logs associated with child projects + are also exported; otherwise only logs relating to the provided + organization are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + uniqueWriterIdentity: + description: Immutable. Whether or not to create a unique identity + associated with this sink. If false (the default), then the writer_identity + used is serviceAccount:cloud-logs@system.gserviceaccount.com. If + true, then a unique service account is created and used for this + sink. If you wish to publish logs across projects, you must set + unique_writer_identity to true. + type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + writerIdentity: + description: The identity associated with this sink. This identity + must be granted write access to the configured destination. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogviews.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogView + plural: logginglogviews + shortNames: + - gcplogginglogview + - gcplogginglogviews + singular: logginglogview + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + bucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The bucket of the resource + + Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this view. + type: string + filter: + description: 'Filter that restricts which log entries in a bucket + are visible in this view. Filters are restricted to be a logical + AND of ==/!= of any of the following: - originating project/folder/organization/billing + account. - resource type - log id For example: SOURCE("projects/myproject") + AND resource.type = "gce_instance" AND LOG_ID("stdout")' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the view. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the view. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: memcacheinstances.memcache.cnrm.cloud.google.com +spec: + group: memcache.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemcacheInstance + plural: memcacheinstances + shortNames: + - gcpmemcacheinstance + - gcpmemcacheinstances + singular: memcacheinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the instance. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. 
Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - duration + - startTime + type: object + type: array + required: + - weeklyMaintenanceWindow + type: object + memcacheParameters: + description: Immutable. User-specified parameters for this memcache + instance. + properties: + id: + description: This is a unique ID associated with this set of parameters. + type: string + params: + additionalProperties: + type: string + description: User-defined set of parameters to use in the memcache + process. + type: object + type: object + memcacheVersion: + description: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. + type: string + networkRef: + description: The full name of the network to connect the instance + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeConfig: + description: Immutable. Configuration for memcache nodes. + properties: + cpuCount: + description: Number of CPUs per node. + type: integer + memorySizeMb: + description: Memory size in Mebibytes for each memcache node. + type: integer + required: + - cpuCount + - memorySizeMb + type: object + nodeCount: + description: Number of nodes in the memcache instance. + type: integer + region: + description: Immutable. The region of the Memcache instance. If it + is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zones: + description: |- + Immutable. Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + items: + type: string + type: array + required: + - nodeConfig + - nodeCount + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + discoveryEndpoint: + description: Endpoint for Discovery API. + type: string + maintenanceSchedule: + description: Output only. Published maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memcacheFullVersion: + description: The full version of memcached server running on this + instance. + type: string + memcacheNodes: + description: Additional information about the instance state, if available. + items: + properties: + host: + description: Hostname or IP address of the Memcached node used + by the clients to connect to the Memcached server on this + node. + type: string + nodeId: + description: Identifier of the Memcached node. The node id does + not include project or location like the Memcached instance + name. + type: string + port: + description: The port number of the Memcached server on this + node. + type: integer + state: + description: Current state of the Memcached node. + type: string + zone: + description: Location (GCP Zone) for the Memcached node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringAlertPolicy + plural: monitoringalertpolicies + shortNames: + - gcpmonitoringalertpolicy + - gcpmonitoringalertpolicies + singular: monitoringalertpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alertStrategy: + description: Control over how this alert policy's notification channels + are notified. + properties: + autoClose: + description: If an alert policy that was active has no data for + this long, any open incidents will close. + type: string + notificationRateLimit: + description: |- + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + period: + description: Not more than one notification per period. + type: string + type: object + type: object + combiner: + description: |- + How to combine the results of multiple conditions to + determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. + type: string + conditions: + description: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + items: + properties: + conditionAbsent: + description: |- + A condition that checks that a time series + continues to receive new data points. 
+ properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. 
+ The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + duration: + description: |- + The amount of time that a time series must + fail to report new data to be considered + failing. 
Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + type: object + conditionMatchedLog: + description: |- + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. + properties: + filter: + description: A logs-based filter. + type: string + labelExtractors: + additionalProperties: + type: string + description: |- + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. 
+ Label keys and corresponding values can be used in notifications + generated by this condition. + type: object + required: + - filter + type: object + conditionMonitoringQueryLanguage: + description: A Monitoring Query Language query that outputs + a boolean stream. + properties: + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + query: + description: Monitoring Query Language query that outputs + a boolean stream. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. 
+ type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + - query + type: object + conditionThreshold: + description: |- + A condition that compares a time series against a + threshold. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. 
If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + comparison: + description: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. + type: string + denominatorAggregations: + description: |- + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. 
If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. 
If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + denominatorFilter: + description: |- + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. 
+ type: string + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + thresholdValue: + description: |- + A value against which to compare the time + series. + type: number + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. 
If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - comparison + - duration + type: object + displayName: + description: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + type: string + name: + description: |- + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + type: string + required: + - displayName + type: object + type: array + displayName: + description: |- + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + type: string + documentation: + description: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. 
+ properties: + content: + description: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. + type: string + mimeType: + description: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + type: string + type: object + enabled: + description: Whether or not the policy is enabled. The default is + true. + type: boolean + notificationChannels: + items: + description: Identifies the notification channels to which notifications + should be sent when incidents are opened or closed or when new + violations occur on an already opened incident. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - combiner + - conditions + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationRecord: + description: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + items: + properties: + mutateTime: + description: When the change occurred. + type: string + mutatedBy: + description: The email address of the user making the change. + type: string + type: object + type: array + name: + description: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringdashboards.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringDashboard + plural: monitoringdashboards + shortNames: + - gcpmonitoringdashboard + - gcpmonitoringdashboards + singular: monitoringdashboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnLayout: + description: The content is divided into equally spaced columns and + the widgets are arranged vertically. + properties: + columns: + description: The columns of content to display. + items: + properties: + weight: + description: The relative weight of this column. The column + weight is used to adjust the width of columns on the screen + (relative to peers). Greater the weight, greater the width + of the column on the screen. If omitted, a value of 1 + is used while rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged vertically in + this column. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + displayName: + description: Required. The mutable, human-readable name. + type: string + gridLayout: + description: Content is arranged with a basic layout that re-flows + a simple list of informational elements like widgets or tiles. + properties: + columns: + description: The number of columns into which the view's width + is divided. If omitted or set to zero, a system default will + be used while rendering. + format: int64 + type: integer + widgets: + description: The informational elements that are arranged into + the columns row-first. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. 
+ properties: + gaugeView: + description: Will cause the scorecard to show a gauge + chart. + properties: + lowerBound: + description: The lower bound for this gauge chart. + The value of the chart should always be greater + than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge chart. + The value of the chart should always be less than + or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a spark + chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the minimum + alignment period to use in a time series query. + For example, if the data is published once every + 10 minutes it would not make sense to fetch and + align data at one minute intervals. This field + is optional and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart to + show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, + SPARK_LINE, SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the state + of the scorecard given the time series'' current value. + For an actual value x, the scorecard is in a danger + state if x is less than or equal to a danger threshold + that triggers below, or greater than or equal to a + danger threshold that triggers above. Similarly, if + x is above/below a warning threshold that triggers + above/below, then the scorecard is in a warning state + - unless x also puts it in a danger state. (Danger + trumps warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: 90, category: + ''DANGER'', trigger: ''ABOVE'', },: { value: 70, category: + ''WARNING'', trigger: ''ABOVE'', }, { value: 10, category: + ''DANGER'', trigger: ''BELOW'', }, { value: 20, category: + ''WARNING'', trigger: ''BELOW'', } Then: values + less than or equal to 10 would put the scorecard in + a DANGER state, values greater than 10 but less than + or equal to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or equal + to 70 but less than 90 a WARNING state, and values + greater than or equal to 90 a DANGER state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time series + data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views of + the data. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. 
The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. 
+ It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. 
The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. 
The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking to + select time series that pass through the + filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series. + Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. The value + must be at least 60 seconds. If a per-series + aligner other than `ALIGN_NONE` is specified, + this field is required or an error is + returned. If no per-series aligner is + specified, or the aligner `ALIGN_NONE` + is specified, then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the `value_type` + of the original time series. Reduction + can yield a time series with a different + `metric_kind` or `value_type` than the + input time series. Time series data must + first be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` is + specified, then `per_series_aligner` must + be specified, and must not be `ALIGN_NONE`. + An `alignment_period` must also be specified; + otherwise, an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. 
+ The `group_by_fields` determine how the + time series are partitioned into subsets + prior to applying the aggregation operation. + Each subset contains time series that + have the same value for each of the grouping + fields. Each individual time series is + a member of exactly one subset. The `cross_series_reducer` + is applied to each subset of time series. + It is not possible to reduce across different + resource types, so this field implicitly + contains `resource.type`. Fields not + specified in `group_by_fields` are aggregated + away. If `group_by_fields` is not specified + and all the time series have the same + resource type, then the time series are + aggregated into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. Not all alignment + operations may be applied to all time + series. The valid choices depend on the + `metric_kind` and `value_type` of the + original time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series data + must be aligned in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. 
If non-empty, this unit will override + any unit that accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. Possible + values: FORMAT_UNSPECIFIED, MARKDOWN, RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: MODE_UNSPECIFIED, + COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this chart. + items: + properties: + legendTemplate: + description: 'A template string for naming `TimeSeries` + in the resulting data set. This should be a + string with interpolations of the form `${label_name}`, + which will resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set, implemented + by specifying the minimum alignment period to + use in a time series query For example, if the + data is published once every 10 minutes, the + `min_alignment_period` should be at least 10 + minutes. It would not make sense to fetch and + align data at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. 
Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. 
If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. 
If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. 
It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. 
Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally across + the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current threshold. + Direction is not allowed in a XyChart. Possible + values: DIRECTION_UNSPECIFIED, ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. 
+ format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows values + from two similar-length time periods (e.g., week-over-week + metrics). The duration must be positive, and it can + only be applied to charts with data sets of LINE plot + type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a linear + scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + mosaicLayout: + description: The content is arranged as a grid of tiles, with each + content widget occupying one or more tiles. + properties: + columns: + description: The number of columns in the mosaic grid. + format: int64 + type: integer + tiles: + description: The tiles to display. + items: + properties: + height: + description: The height of the tile, measured in grid squares. + format: int64 + type: integer + widget: + description: The informational widget contained in the tile. + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. 
+ type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud + resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show a + gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a + spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the + minimum alignment period to use in a time + series query. For example, if the data is + published once every 10 minutes it would not + make sense to fetch and align data at one + minute intervals. This field is optional and + exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. 
Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine the + state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold that + triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. 
+ format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. 
+ If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. 
If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. 
It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. The value must be at least + 60 seconds. If a per-series aligner + other than `ALIGN_NONE` is specified, + this field is required or an error + is returned. If no per-series + aligner is specified, or the aligner + `ALIGN_NONE` is specified, then + this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not + all reducer operations can be + applied to all time series. The + valid choices depend on the `metric_kind` + and the `value_type` of the original + time series. Reduction can yield + a time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first be aligned + (see `per_series_aligner`) in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets prior + to applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in + order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass through + the filter. Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, + METHOD_MIN, METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this field + is required or an error is returned. + If no per-series aligner is specified, + or the aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. Not + all reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and the + `value_type` of the original time + series. 
Reduction can yield a time + series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not be + `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + The `group_by_fields` determine how + the time series are partitioned into + subsets prior to applying the aggregation + operation. Each subset contains time + series that have the same value for + each of the grouping fields. Each + individual time series is a member + of exactly one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, so + this field implicitly contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the time + series have the same resource type, + then the time series are aggregated + into a single output time series. + If `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. Not all + alignment operations may be applied + to all time series. The valid choices + depend on the `metric_kind` and `value_type` + of the original time series. Alignment + can change the `metric_kind` or the + `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will + override any unit that accompanies fetched + data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. 
Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set, + implemented by specifying the minimum alignment + period to use in a time series query For + example, if the data is published once every + 10 minutes, the `min_alignment_period` should + be at least 10 minutes. It would not make + sense to fetch and align data at one minute + intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver metrics + API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. 
If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. 
Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. 
Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. The + value must be at least 60 + seconds. If a per-series + aligner other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, or + the aligner `ALIGN_NONE` + is specified, then this + field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend + on the `metric_kind` and + the `value_type` of the + original time series. Reduction + can yield a time series + with a different `metric_kind` + or `value_type` than the + input time series. Time + series data must first be + aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An + `alignment_period` must + also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member + of exactly one subset. The + `cross_series_reducer` is + applied to each subset of + time series. It is not possible + to reduce across different + resource types, so this + field implicitly contains + `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If + `group_by_fields` is not + specified and all the time + series have the same resource + type, then the time series + are aggregated into a single + output time series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. Not all + alignment operations may + be applied to all time series. + The valid choices depend + on the `metric_kind` and + `value_type` of the original + time series. Alignment can + change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in + order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must + be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible + values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. 
Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, + YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in a + XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods (e.g., + week-over-week metrics). The duration must be + positive, and it can only be applied to charts + with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. 
+ properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, a + linear scale is used. Possible values: SCALE_UNSPECIFIED, + LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + width: + description: The width of the tile, measured in grid squares. + format: int64 + type: integer + xPos: + description: The zero-indexed position of the tile in grid + squares relative to the left edge of the grid. + format: int64 + type: integer + yPos: + description: The zero-indexed position of the tile in grid + squares relative to the top edge of the grid. + format: int64 + type: integer + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rowLayout: + description: The content is divided into equally spaced rows and the + widgets are arranged horizontally. + properties: + rows: + description: The rows of content to display. + items: + properties: + weight: + description: The relative weight of this row. The row weight + is used to adjust the height of rows on the screen (relative + to peers). Greater the weight, greater the height of the + row on the screen. If omitted, a value of 1 is used while + rendering. + format: int64 + type: integer + widgets: + description: The display widgets arranged horizontally in + this row. + items: + properties: + blank: + description: A blank space. + type: object + x-kubernetes-preserve-unknown-fields: true + logsPanel: + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + Only log entries that match the filter are returned. + An empty filter matches all log entries. + type: string + resourceNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google + Cloud resource name of a `Project` resource + (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. 
The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. For example, if the data + is published once every 10 minutes it would + not make sense to fetch and align data at + one minute intervals. This field is optional + and exists only as a hint. + type: string + sparkChartType: + description: 'Required. The type of sparkchart + to show in this chartView. Possible values: + SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, + SPARK_BAR' + type: string + required: + - sparkChartType + type: object + thresholds: + description: 'The thresholds used to determine + the state of the scorecard given the time series'' + current value. For an actual value x, the scorecard + is in a danger state if x is less than or equal + to a danger threshold that triggers below, or + greater than or equal to a danger threshold + that triggers above. Similarly, if x is above/below + a warning threshold that triggers above/below, + then the scorecard is in a warning state - unless + x also puts it in a danger state. (Danger trumps + warning.) 
As an example, consider a scorecard + with the following four thresholds: { value: + 90, category: ''DANGER'', trigger: ''ABOVE'', + },: { value: 70, category: ''WARNING'', trigger: + ''ABOVE'', }, { value: 10, category: ''DANGER'', trigger: + ''BELOW'', }, { value: 20, category: ''WARNING'', trigger: + ''BELOW'', } Then: values less than or equal + to 10 would put the scorecard in a DANGER state, + values greater than 10 but less than or equal + to 20 a WARNING state, values strictly between + 20 and 70 an OK state, values greater than or + equal to 70 but less than 90 a WARNING state, + and values greater than or equal to 90 a DANGER + state.' + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. 
The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. 
Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. 
If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. 
+ The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. 
Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. The value must + be at least 60 seconds. If a + per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error + is returned. If no per-series + aligner is specified, or the + aligner `ALIGN_NONE` is specified, + then this field is ignored. 
+ type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. Not all reducer + operations can be applied to + all time series. The valid choices + depend on the `metric_kind` + and the `value_type` of the + original time series. Reduction + can yield a time series with + a different `metric_kind` or + `value_type` than the input + time series. Time series data + must first be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the same + value for each of the grouping + fields. Each individual time + series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of + time series. It is not possible + to reduce across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. 
If `group_by_fields` + is not specified and all the + time series have the same resource + type, then the time series are + aggregated into a single output + time series. If `cross_series_reducer` + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. Not all alignment + operations may be applied to + all time series. The valid choices + depend on the `metric_kind` + and `value_type` of the original + time series. Alignment can change + the `metric_kind` or the `value_type` + of the time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not equal + to `ALIGN_NONE` and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: 'How to use the ranking + to select time series that pass + through the filter. Possible values: + DIRECTION_UNSPECIFIED, TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int64 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series. Possible values: + METHOD_UNSPECIFIED, METHOD_MEAN, + METHOD_MAX, METHOD_MIN, METHOD_SUM, + METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. The + value must be at least 60 seconds. + If a per-series aligner other than + `ALIGN_NONE` is specified, this + field is required or an error is + returned. If no per-series aligner + is specified, or the aligner `ALIGN_NONE` + is specified, then this field is + ignored. + type: string + crossSeriesReducer: + description: 'The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. Not all + reducer operations can be applied + to all time series. The valid choices + depend on the `metric_kind` and + the `value_type` of the original + time series. Reduction can yield + a time series with a different `metric_kind` + or `value_type` than the input time + series. Time series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must not + be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, + REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series are + partitioned into subsets prior to + applying the aggregation operation. + Each subset contains time series + that have the same value for each + of the grouping fields. Each individual + time series is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset of time + series. It is not possible to reduce + across different resource types, + so this field implicitly contains + `resource.type`. Fields not specified + in `group_by_fields` are aggregated + away. If `group_by_fields` is not + specified and all the time series + have the same resource type, then + the time series are aggregated into + a single output time series. If + `cross_series_reducer` is not defined, + this field is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. Not all alignment operations + may be applied to all time series. + The valid choices depend on the + `metric_kind` and `value_type` of + the original time series. Alignment + can change the `metric_kind` or + the `value_type` of the time series. 
Time + series data must be aligned in order + to perform cross-time series reduction. + If `cross_series_reducer` is specified, + then `per_series_aligner` must be + specified and not equal to `ALIGN_NONE` + and `alignment_period` must be specified; + otherwise, an error is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: 'How the text content is formatted. + Possible values: FORMAT_UNSPECIFIED, MARKDOWN, + RAW' + type: string + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: 'The chart mode. Possible values: + MODE_UNSPECIFIED, COLOR, X_RAY, STATS' + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: 'A template string for naming + `TimeSeries` in the resulting data set. + This should be a string with interpolations + of the form `${label_name}`, which will + resolve to the label''s value. ' + type: string + minAlignmentPeriod: + description: Optional. 
The lower bound on + data point frequency for this data set, + implemented by specifying the minimum + alignment period to use in a time series + query For example, if the data is published + once every 10 minutes, the `min_alignment_period` + should be at least 10 minutes. It would + not make sense to fetch and align data + at one minute intervals. + type: string + plotType: + description: 'How this data should be plotted + on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, + LINE, STACKED_AREA, STACKED_BAR, HEATMAP' + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. 
Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. 
+ properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. 
Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. 
Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + Use this field to combine + multiple time series for different + views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. The value + must be at least 60 seconds. + If a per-series aligner + other than `ALIGN_NONE` + is specified, this field + is required or an error + is returned. If no per-series + aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this + field is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. Not all reducer + operations can be applied + to all time series. The + valid choices depend on + the `metric_kind` and + the `value_type` of the + original time series. + Reduction can yield a + time series with a different + `metric_kind` or `value_type` + than the input time series. 
Time + series data must first + be aligned (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and + must not be `ALIGN_NONE`. + An `alignment_period` + must also be specified; + otherwise, an error is + returned. Possible values: + REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, + REDUCE_SUM, REDUCE_STDDEV, + REDUCE_COUNT, REDUCE_COUNT_TRUE, + REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, + REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, + REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, + REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. The `group_by_fields` + determine how the time + series are partitioned + into subsets prior to + applying the aggregation + operation. Each subset + contains time series that + have the same value for + each of the grouping fields. + Each individual time series + is a member of exactly + one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is + not possible to reduce + across different resource + types, so this field implicitly + contains `resource.type`. Fields + not specified in `group_by_fields` + are aggregated away. If + `group_by_fields` is not + specified and all the + time series have the same + resource type, then the + time series are aggregated + into a single output time + series. If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. Not + all alignment operations + may be applied to all + time series. The valid + choices depend on the + `metric_kind` and `value_type` + of the original time series. + Alignment can change the + `metric_kind` or the `value_type` + of the time series. Time + series data must be aligned + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and + not equal to `ALIGN_NONE` + and `alignment_period` + must be specified; otherwise, + an error is returned. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: 'How to use the + ranking to select time series + that pass through the filter. + Possible values: DIRECTION_UNSPECIFIED, + TOP, BOTTOM' + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int64 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series. Possible + values: METHOD_UNSPECIFIED, + METHOD_MEAN, METHOD_MAX, METHOD_MIN, + METHOD_SUM, METHOD_LATEST' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. The + value must be at least 60 + seconds. If a per-series aligner + other than `ALIGN_NONE` is + specified, this field is required + or an error is returned. If + no per-series aligner is specified, + or the aligner `ALIGN_NONE` + is specified, then this field + is ignored. + type: string + crossSeriesReducer: + description: 'The reduction + operation to be used to combine + time series into a single + time series, where the value + of each data point in the + resulting series is a function + of all the already aligned + values in the input time series. Not + all reducer operations can + be applied to all time series. + The valid choices depend on + the `metric_kind` and the + `value_type` of the original + time series. Reduction can + yield a time series with a + different `metric_kind` or + `value_type` than the input + time series. Time series + data must first be aligned + (see `per_series_aligner`) + in order to perform cross-time + series reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified, and must + not be `ALIGN_NONE`. An `alignment_period` + must also be specified; otherwise, + an error is returned. Possible + values: REDUCE_NONE, REDUCE_MEAN, + REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, + REDUCE_STDDEV, REDUCE_COUNT, + REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, + REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, + REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, + REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, + REDUCE_MAKE_DISTRIBUTION' + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
The `group_by_fields` + determine how the time series + are partitioned into subsets + prior to applying the aggregation + operation. Each subset contains + time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of + exactly one subset. The `cross_series_reducer` + is applied to each subset + of time series. It is not + possible to reduce across + different resource types, + so this field implicitly contains + `resource.type`. Fields not + specified in `group_by_fields` + are aggregated away. If `group_by_fields` + is not specified and all the + time series have the same + resource type, then the time + series are aggregated into + a single output time series. + If `cross_series_reducer` + is not defined, this field + is ignored. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. Not all + alignment operations may be + applied to all time series. + The valid choices depend on + the `metric_kind` and `value_type` + of the original time series. + Alignment can change the `metric_kind` + or the `value_type` of the + time series. Time series + data must be aligned in order + to perform cross-time series + reduction. If `cross_series_reducer` + is specified, then `per_series_aligner` + must be specified and not + equal to `ALIGN_NONE` and + `alignment_period` must be + specified; otherwise, an error + is returned. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. 
If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: 'The state color for this threshold. + Color is not allowed in a XyChart. Possible + values: COLOR_UNSPECIFIED, GREY, BLUE, + GREEN, YELLOW, ORANGE, RED' + type: string + direction: + description: 'The direction for the current + threshold. Direction is not allowed in + a XyChart. Possible values: DIRECTION_UNSPECIFIED, + ABOVE, BELOW' + type: string + label: + description: A label for the threshold. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. A comparison chart simultaneously shows + values from two similar-length time periods + (e.g., week-over-week metrics). The duration + must be positive, and it can only be applied + to charts with data sets of LINE plot type. + type: string + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. 
Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. * + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. 
The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. + Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
+ The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. * `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). 
Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. 
The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. + type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. + On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' 
+ items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. 
+ format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. + Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' 
+ properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. 
+ properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' 
+ properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + type: object + type: object + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. 
+ properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. + type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - goal + - projectRef + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. 
+ type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservices.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringService + plural: monitoringservices + shortNames: + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Name used for UI elements listing this Service. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs + shortNames: + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. + items: + properties: + content: + type: string + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' + type: string + required: + - content + type: object + type: array + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. 
+ type: string + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. + properties: + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' + type: string + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' + type: string + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. 
If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. + type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. 
If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. + type: string + required: + - filterLabels + - type + type: object + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for this uptime check config. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. 
+ format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. + type: string + required: + - displayName + - projectRef + - timeout + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivityHub + plural: networkconnectivityhubs + shortNames: + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the hub. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the hub was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes + shortNames: + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the spoke. + type: string + hubRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. + + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. 
+ items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. 
+ type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - hubRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the spoke was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. 
+ type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies + shortNames: + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Optional. List of rules to match. 
If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. + For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. 
List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array + required: + - action + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies + shortNames: + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + sni: + description: 'Optional. 
Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies + shortNames: + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. 
+ Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. 
+ properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEndpointPolicy + plural: networkservicesendpointpolicies + shortNames: + - gcpnetworkservicesendpointpolicy + - gcpnetworkservicesendpointpolicies + singular: networkservicesendpointpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizationPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + clientTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. 
This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + endpointMatcher: + description: Required. A matcher that selects endpoints to which the + policies should be applied. + properties: + metadataLabelMatcher: + description: The matcher is based on node metadata presented by + xDS clients. + properties: + metadataLabelMatchCriteria: + description: 'Specifies how matching should be done. Supported + values are: MATCH_ANY: At least one of the Labels specified + in the matcher should match the metadata presented by xDS + client. MATCH_ALL: The metadata presented by the xDS client + should contain all of the labels specified here. The selection + is determined based on the best match. For example, suppose + there are three EndpointPolicy resources P1, P2 and P3 and + if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL + , and P3 has MATCH_ALL . If a client with label connects, + the config from P1 will be selected. If a client with label + connects, the config from P2 will be selected. If a client + with label connects, the config from P3 will be selected. 
+ If there is more than one best match, (for example, if a + config P4 with selector exists and if a client with label + connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + metadataLabels: + description: The list of label value pairs that must match + labels in the provided metadata based on filterMatchCriteria + This list can have at most 64 entries. The list can be empty + if the match criteria is MATCH_ANY, to specify a wildcard + match (i.e this matches any client). + items: + properties: + labelName: + description: Required. Label name presented as key in + xDS Node Metadata. + type: string + labelValue: + description: Required. Label value presented as value + corresponding to the above key, in xDS Node Metadata. + type: string + required: + - labelName + - labelValue + type: object + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + trafficPortSelector: + description: Optional. Port selector for the (matched) endpoints. + If no port selector is provided, the matched config is applied to + all ports. + properties: + ports: + description: Optional. A list of ports. Can be port numbers or + port range (example, specifies all ports from 80 to 90, including + 80 and 90) or named ports or * to specify all ports. If the + list is empty, all ports are selected. + items: + type: string + type: array + type: object + type: + description: 'Required. The type of endpoint config. This is primarily + used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, + SIDECAR_PROXY, GRPC_SERVER' + type: string + required: + - endpointMatcher + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgateways.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGateway + plural: networkservicesgateways + shortNames: + - gcpnetworkservicesgateway + - gcpnetworkservicesgateways + singular: networkservicesgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addresses: + description: One or more addresses with ports in format of ":" that + the Gateway must receive traffic on. The proxy binds to the ports + specified. IP address can be anything that is allowed by the underlying + infrastructure (auto-allocation, static IP, BYOIP). + items: + type: string + type: array + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + ports: + description: Required. One or more ports that the Gateway must receive + traffic on. The proxy binds to the ports specified. Gateway listen + on 0.0.0.0 on the ports specified below. + items: + format: int64 + type: integer + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: Immutable. Required. Immutable. Scope determines how + configuration across multiple Gateway instances are merged. The + configuration for multiple Gateway instances with the same scope + will be merged as presented as a single coniguration to the proxy/load + balancer. Max length 64 characters. Scope should start with a letter + and can only have letters, numbers, hyphens. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. Immutable. The type of the customer managed + gateway. 
Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' + type: string + required: + - location + - ports + - projectRef + - scope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGRPCRoute + plural: networkservicesgrpcroutes + shortNames: + - gcpnetworkservicesgrpcroute + - gcpnetworkservicesgrpcroutes + singular: networkservicesgrpcroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: 'Required. Service hostnames with an optional port for + which this route describes traffic. Format: [:] Hostname is the + fully qualified domain name of a network host. This matches the + RFC 1123 definition of a hostname with 2 notable exceptions: - IPs + are not allowed. - A hostname may be prefixed with a wildcard label + (*.). The wildcard label must appear by itself as the first label. + Hostname can be “precise” which is a domain name without the terminating + dot of a network host (e.g. “foo.example.com”) or “wildcard”, which + is a domain name prefixed with a single wildcard label (e.g. *.example.com). 
+ Note that as per RFC1035 and RFC1123, a label must consist of lower + case alphanumeric characters or ‘-’, and must start and end with + an alphanumeric character. No other punctuation is allowed. The + routes associated with a Router must have unique hostnames. If you + attempt to attach multiple routes with conflicting hostnames, the + configuration will be rejected. For example, while it is acceptable + for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to + be associated with the same route, it is not possible to associate + two routes both with "*.bar.com" or both with "bar.com". In the + case that multiple routes match the hostname, the most specific + match will be selected. For example, "foo.bar.baz.com" will take + precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence + over "*.baz.com". If a port is specified, then gRPC clients must + use the channel URI with the port to match this rule (i.e. "xds:///service:123"), + otherwise they must supply the URI without a port (i.e. "xds:///service").' + items: + type: string + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. A list of detailed rules defining how to route + traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated + with the first matching GrpcRoute.RouteRule will be executed. At + least one rule must be supplied. + items: + properties: + action: + description: Required. A detailed rule defining how to route + traffic. This field is required. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. If multiple destinations + are specified, traffic will be split between Backend Service(s) + according to the weight field of these destinations. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + faultInjectionPolicy: + description: Optional. The specification for fault injection + introduced into traffic to test the resiliency of clients + to destination service failure. As part of fault injection, + when clients send requests to a destination, delays can + be introduced on a percentage of requests before sending + those requests to the destination service. Similarly requests + from clients can be aborted by for a percentage of requests. + timeout and retry_policy will be ignored by clients that + are configured with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. 
+ properties: + httpStatus: + description: The HTTP status code used to abort + the request. The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + retryPolicy: + description: Optional. Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specpfied, default + to 1. + format: int64 + type: integer + retryConditions: + description: '- connect-failure: Router will retry on + failures connecting to Backend Services, for example + due to connection timeouts. - refused-stream: Router + will retry if the backend service resets the stream + with a REFUSED_STREAM error code. This reset type + indicates that it is safe to retry. - cancelled: Router + will retry if the gRPC status code in the response + header is set to cancelled - deadline-exceeded: Router + will retry if the gRPC status code in the response + header is set to deadline-exceeded - resource-exhausted: + Router will retry if the gRPC status code in the response + header is set to resource-exhausted - unavailable: + Router will retry if the gRPC status code in the response + header is set to unavailable' + items: + type: string + type: array + type: object + timeout: + description: Optional. Specifies the timeout for selected + route. Timeout is computed from the time the request has + been fully processed (i.e. 
end of stream) up until the + response has been completely processed. Timeout includes + all retries. + type: string + type: object + matches: + description: Optional. Matches define conditions used for matching + the rule against incoming gRPC requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. If no matches field is specified, this rule will + unconditionally match traffic. + items: + properties: + headers: + description: Optional. Specifies a collection of headers + to match. + items: + properties: + key: + description: Required. The key of the header. + type: string + type: + description: 'Optional. Specifies how to match against + the value of the header. If not specified, a default + value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + value: + description: Required. The value of the header. + type: string + required: + - key + - value + type: object + type: array + method: + description: Optional. A gRPC method to match against. + If this field is empty or omitted, will match all methods. + properties: + caseSensitive: + description: Optional. Specifies that matches are + case sensitive. The default value is true. case_sensitive + must not be used with a type of REGULAR_EXPRESSION. + type: boolean + grpcMethod: + description: Required. Name of the method to match + against. If unspecified, will match all methods. + type: string + grpcService: + description: Required. Name of the service to match + against. If unspecified, will match all services. + type: string + type: + description: 'Optional. Specifies how to match against + the name. If not specified, a default value of "EXACT" + is used. 
Possible values: TYPE_UNSPECIFIED, EXACT, + REGULAR_EXPRESSION' + type: string + required: + - grpcMethod + - grpcService + type: object + type: object + type: array + required: + - action + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesHTTPRoute + plural: networkserviceshttproutes + shortNames: + - gcpnetworkserviceshttproute + - gcpnetworkserviceshttproutes + singular: networkserviceshttproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: Required. Hostnames define a set of hosts that should + match against the HTTP host header to select a HttpRoute to process + the request. Hostname is the fully qualified domain name of a network + host, as defined by RFC 1123 with the exception that ip addresses + are not allowed. Wildcard hosts are supported as "*" (no prefix + or suffix allowed). + items: + type: string + type: array + location: + description: Immutable. 
The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. + items: + properties: + action: + description: The detailed rule defining how to route matched + traffic. + properties: + corsPolicy: + description: The specification for allowing client side + cross-origin requests. 
+ properties: + allowCredentials: + description: In response to a preflight request, setting + this to true indicates that the actual request can + include user credentials. This translates to the Access-Control-Allow-Credentials + header. Default value is false. + type: boolean + allowHeaders: + description: Specifies the content for Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: Specifies the regular expression patterns + that match allowed origins. For regular expression + grammar, please see https://github.com/google/re2/wiki/Syntax. + items: + type: string + type: array + allowOrigins: + description: Specifies the list of origins that will + be allowed to do CORS requests. An origin is allowed + if it matches either an item in allow_origins or an + item in allow_origin_regexes. + items: + type: string + type: array + disabled: + description: If true, the CORS policy is disabled. The + default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: Specifies how long result of a preflight + request can be cached in seconds. This translates + to the Access-Control-Max-Age header. + type: string + type: object + destinations: + description: The destination to which traffic should be + forwarded. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights in + this destination list). For non-zero values, there + may be some epsilon from the exact proportion defined + here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + type: object + type: array + faultInjectionPolicy: + description: The specification for fault injection introduced + into traffic to test the resiliency of clients to backend + service failure. As part of fault injection, when clients + send requests to a backend service, delays can be introduced + on a percentage of requests before sending those requests + to the backend service. Similarly requests from clients + can be aborted for a percentage of requests. timeout and + retry_policy will be ignored by clients that are configured + with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. + properties: + httpStatus: + description: The HTTP status code used to abort + the request. 
The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + redirect: + description: If set, the request is directed as configured + by this field. + properties: + hostRedirect: + description: The host that will be used in the redirect + response instead of the one that was supplied in the + request. + type: string + httpsRedirect: + description: If set to true, the URL scheme in the redirected + request is set to https. If set to false, the URL + scheme of the redirected request will remain the same + as that of the request. The default is set to false. + type: boolean + pathRedirect: + description: The path that will be used in the redirect + response instead of the one that was supplied in the + request. path_redirect can not be supplied together + with prefix_redirect. Supply one alone or neither. + If neither is supplied, the path of the original request + will be used for the redirect. + type: string + portRedirect: + description: The port that will be used in the redirected + request instead of the one that was supplied in the + request. + format: int64 + type: integer + prefixRewrite: + description: Indicates that during redirection, the + matched prefix (or path) should be swapped with this + value. This option allows URLs be dynamically created + based on the request. + type: string + responseCode: + description: 'The HTTP Status code to use for the redirect. 
+ Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, + SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' + type: string + stripQuery: + description: if set to true, any accompanying query + portion of the original URL is removed prior to redirecting + the request. If set to false, the query portion of + the original URL is retained. The default is set to + false. + type: boolean + type: object + requestHeaderModifier: + description: The specification for modifying the headers + of a matching request prior to delivery of the request + to the destination. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. + type: object + type: object + requestMirrorPolicy: + description: Specifies the policy on how requests intended + for the routes destination are shadowed to a separate + mirrored destination. Proxy will not wait for the shadow + destination to respond before returning the response. + Prior to sending traffic to the shadow service, the host/authority + header is suffixed with -shadow. + properties: + destination: + description: The destination the requests will be mirrored + to. The weight of the destination will be ignored. + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified + and it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weights + are specified for any one service name, they need + to be specified for all of them. If weights are + unspecified for all services, then, traffic is + distributed in equal proportions to all of them.' + format: int64 + type: integer + type: object + type: object + responseHeaderModifier: + description: The specification for modifying the headers + of a response prior to sending the response back to the + client. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. 
+ type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specified, default + to 1. + format: int64 + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per retry + attempt. + type: string + retryConditions: + description: 'Specifies one or more conditions when + this retry policy applies. Valid values are: 5xx: + Proxy will attempt a retry if the destination service + responds with any 5xx response code, of if the destination + service does not respond at all, example: disconnect, + reset, read timeout, connection failure and refused + streams. gateway-error: Similar to 5xx, but only applies + to response codes 502, 503, 504. reset: Proxy will + attempt a retry if the destination service does not + respond at all (disconnect/reset/read timeout) connect-failure: + Proxy will retry on failures connecting to destination + for example due to connection timeouts. retriable-4xx: + Proxy will retry fro retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream: Proxy will retry if the destination + resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry.' + items: + type: string + type: array + type: object + timeout: + description: Specifies the timeout for selected route. Timeout + is computed from the time the request has been fully processed + (i.e. end of stream) up until the response has been completely + processed. Timeout includes all retries. + type: string + urlRewrite: + description: The specification for rewrite URL before forwarding + requests to the destination. + properties: + hostRewrite: + description: Prior to forwarding the request to the + selected destination, the requests host header is + replaced by this value. 
+ type: string + pathPrefixRewrite: + description: Prior to forwarding the request to the + selected destination, the matching portion of the + requests path is replaced by this value. + type: string + type: object + type: object + matches: + description: A list of matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. + items: + properties: + fullPathMatch: + description: The HTTP request path value should exactly + match this value. Only one of full_path_match, prefix_match, + or regex_match should be used. + type: string + headers: + description: Specifies a list of HTTP request headers + to match against. ALL of the supplied headers must be + matched. + items: + properties: + exactMatch: + description: The value of the header should match + exactly the content of exact_match. + type: string + header: + description: The name of the HTTP header to match + against. + type: string + invertMatch: + description: If specified, the match result will + be inverted before checking. Default value is + set to false. + type: boolean + prefixMatch: + description: The value of the header must start + with the contents of prefix_match. + type: string + presentMatch: + description: A header with header_name must exist. + The match takes place whether or not the header + has a value. + type: boolean + rangeMatch: + description: If specified, the rule will match if + the request header value is within the range. + properties: + end: + description: End of the range (exclusive) + format: int64 + type: integer + start: + description: Start of the range (inclusive) + format: int64 + type: integer + type: object + regexMatch: + description: 'The value of the header must match + the regular expression specified in regex_match. 
+ For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' + type: string + suffixMatch: + description: The value of the header must end with + the contents of suffix_match. + type: string + type: object + type: array + ignoreCase: + description: Specifies if prefix_match and full_path_match + matches are case sensitive. The default value is false. + type: boolean + prefixMatch: + description: The HTTP request path value must begin with + specified prefix_match. prefix_match must begin with + a /. Only one of full_path_match, prefix_match, or regex_match + should be used. + type: string + queryParameters: + description: Specifies a list of query parameters to match + against. ALL of the query parameters must be matched. + items: + properties: + exactMatch: + description: The value of the query parameter must + exactly match the contents of exact_match. Only + one of exact_match, regex_match, or present_match + must be set. + type: string + presentMatch: + description: Specifies that the QueryParameterMatcher + matches if request contains query parameter, irrespective + of whether the parameter has a value or not. Only + one of exact_match, regex_match, or present_match + must be set. + type: boolean + queryParameter: + description: The name of the query parameter to + match. + type: string + regexMatch: + description: The value of the query parameter must + match the regular expression specified by regex_match. + For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax + Only one of exact_match, regex_match, or present_match + must be set. + type: string + type: object + type: array + regexMatch: + description: The HTTP request path value must satisfy + the regular expression specified by regex_match after + removing any query parameters and anchor supplied with + the original URL. 
For regular expression grammar, please + see https://github.com/google/re2/wiki/Syntax Only one + of full_path_match, prefix_match, or regex_match should + be used. + type: string + type: object + type: array + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesmeshes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesMesh + plural: networkservicesmeshes + shortNames: + - gcpnetworkservicesmesh + - gcpnetworkservicesmeshes + singular: networkservicesmesh + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + interceptionPort: + description: Optional. If set to a valid TCP port (1-65535), instructs + the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) + address. The SIDECAR proxy will expect all traffic to be redirected + to this port regardless of its actual ip:port destination. If unset, + a port '15001' is used as the interception port. This field is only + valid if the type of Mesh is SIDECAR. + format: int64 + type: integer + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestcproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTCPRoute + plural: networkservicestcproutes + shortNames: + - gcpnetworkservicestcproute + - gcpnetworkservicestcproutes + singular: networkservicestcproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + originalDestination: + description: Optional. If true, Router will use the destination + IP and port of the original connection as the destination + of the request. Default is false. + type: boolean + type: object + matches: + description: Optional. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are “OR”ed for evaluation. If no routeMatch field is specified, + this rule will unconditionally match traffic. + items: + properties: + address: + description: 'Required. Must be specified in the CIDR + range format. A CIDR range consists of an IP Address + and a prefix length to construct the subnet mask. By + default, the prefix length is 32 (i.e. 
matches a single + IP address). Only IPV4 addresses are supported. Examples: + “10.0.0.1” - matches against this exact IP address. + “10.0.0.0/8" - matches against any IP address within + the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" + - matches against any IP address''.' + type: string + port: + description: Required. Specifies the destination port + to match against. + type: string + required: + - address + - port + type: object + type: array + required: + - action + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTLSRoute + plural: networkservicestlsroutes + shortNames: + - gcpnetworkservicestlsroute + - gcpnetworkservicestlsroutes + singular: networkservicestlsroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Required. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwareded to the backend referenced by + the service_name field. This is computed as: weight/Sum(weights + in destinations) Weights in all destinations does + not need to sum up to 100.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + required: + - destinations + type: object + matches: + description: Required. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are "OR"ed for evaluation. + items: + properties: + alpn: + description: 'Optional. ALPN (Application-Layer Protocol + Negotiation) to match against. Examples: "http/1.1", + "h2". At least one of sni_host and alpn is required. + Up to 5 alpns across all matches can be set.' + items: + type: string + type: array + sniHost: + description: Optional. SNI (server name indicator) to + match against. SNI will be matched against all wildcard + domains, i.e. www.example.com will be first matched + against www.example.com, then *.example.com, then *.com. + Partial wildcards are not supported, and values like + *w.example.com are invalid. At least one of sni_host + and alpn is required. Up to 5 sni hosts across all matches + can be set. 
+ items: + type: string + type: array + type: object + type: array + required: + - action + - matches + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigGuestPolicy + plural: osconfigguestpolicies + shortNames: + - gcposconfigguestpolicy + - gcposconfigguestpolicies + singular: osconfigguestpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assignment: + description: Specifies the VMs that are assigned this policy. This + allows you to target sets or groups of VMs by different parameters + such as labels, names, OS, or zones. Empty assignments will target + ALL VMs underneath this policy. Conflict Management Policies that + exist higher up in the resource hierarchy (closer to the Org) will + override those lower down if there is a conflict. At the same level + in the resource hierarchy (ie. within a project), the service will + prevent the creation of multiple policies that conflict with each + other. If there are multiple policies that specify the same config + (eg. package, software recipe, repository, etc.), the service will + ensure that no VM could potentially receive instructions from both + policies. To create multiple policies that specify different versions + of a package or different configs for different Operating Systems, + each policy must be mutually exclusive in their targeting according + to labels, OS, or other criteria. Different configs are identified + for conflicts in different ways. Packages are identified by their + name and the package manager(s) they target. Package repositories + are identified by their unique id where applicable. Some package + managers don't have a unique identifier for repositories and where + that's the case, no uniqueness is validated by the service. 
Note + that if OS Inventory is disabled, a VM will not be assigned a policy + that targets by OS because the service will see this VM's OS as + unknown. + properties: + groupLabels: + description: Targets instances matching at least one of these + label sets. This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + items: + properties: + labels: + additionalProperties: + type: string + description: Google Compute Engine instance labels that + must be present for an instance to be included in this + assignment group. + type: object + type: object + type: array + instanceNamePrefixes: + description: Targets VM instances whose name starts with one of + these prefixes. Like labels, this is another way to group VM + instances when targeting configs, for example prefix="prod-". + Only supported for project-level policies. + items: + type: string + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + osTypes: + description: Targets VM instances matching at least one of the + following OS types. VM instances must match all supplied criteria + for a given OsType to be included. + items: + properties: + osArchitecture: + description: Targets VM instances with OS Inventory enabled + and having the following OS architecture. 
+ type: string + osShortName: + description: Targets VM instances with OS Inventory enabled + and having the following OS short name, for example "debian" + or "windows". + type: string + osVersion: + description: Targets VM instances with OS Inventory enabled + and having the following following OS version. + type: string + type: object + type: array + zones: + description: Targets instances in any of these zones. Leave empty + to target instances in any zone. Zonal targeting is uncommon + and is supported to facilitate the management of changes by + zone. + items: + type: string + type: array + type: object + description: + description: Description of the GuestPolicy. Length of the description + is limited to 1024 characters. + type: string + packageRepositories: + description: List of package repository configurations assigned to + the VM instance. + items: + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Type of archive files in this repository. + The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, + DEB, DEB_SRC' + type: string + components: + description: Required. List of components for this repository. + Must contain at least one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this repository. + type: string + gpgKey: + description: URI of the key file for this repository. The + agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` + containing all the keys in any applied guest policy. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. 
+ properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the Yum config file + and also the `display_name` if `display_name` is omitted. + This id is also used as the unique identifier when checking + for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the zypper config + file and also the `display_name` if `display_name` is + omitted. This id is also used as the unique identifier + when checking for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + type: array + packages: + description: List of package configurations assigned to the VM instance. + items: + properties: + desiredState: + description: 'The desired_state the agent should maintain for + this package. The default is to ensure the package is installed. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + manager: + description: 'Type of package manager that can be used to install + this package. If a system does not have the package manager, + the package is not installed or removed no error message is + returned. By default, or if you specify `ANY`, the agent attempts + to install and remove this package using the default package + manager. 
This is useful when creating a policy that applies + to different types of systems. The default behavior is ANY. + Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, + GOO' + type: string + name: + description: Required. The name of the package. A package is + uniquely identified for conflict validation by checking the + package name and the manager(s) that the package targets. + type: string + type: object + type: array + recipes: + description: Optional. A list of Recipes to install on the VM. + items: + properties: + artifacts: + description: Resources available to be used in the steps in + the recipe. + items: + properties: + allowInsecure: + description: 'Defaults to false. When false, recipes are + subject to validations based on the artifact type: Remote: + A checksum must be specified, and only protocols with + transport-layer security are permitted. GCS: An object + generation number must be specified.' + type: boolean + gcs: + description: A Google Cloud Storage artifact. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: Must be provided if allow_insecure is + false. Generation number of the Google Cloud Storage + object. 
`https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `1234567`. + format: int64 + type: integer + object: + description: 'Name of the Google Cloud Storage object. + As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) + Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `foo/bar`.' + type: string + type: object + id: + description: Required. Id of the artifact, which the installation + and update steps of this recipe can reference. Artifacts + in a recipe cannot have the same id. + type: string + remote: + description: A generic remote artifact. + properties: + checksum: + description: Must be provided if `allow_insecure` + is `false`. SHA256 checksum in hex format, to compare + to the checksum of the artifact. If the checksum + is not empty and it doesn't match the artifact then + the recipe installation fails before running any + of the steps. + type: string + uri: + description: 'URI from which to fetch the object. + It should contain both the protocol and path following + the format: {protocol}://{location}.' + type: string + type: object + type: object + type: array + desiredState: + description: 'Default is INSTALLED. The desired state the agent + should maintain for this recipe. INSTALLED: The software recipe + is installed on the instance but won''t be updated to new + versions. UPDATED: The software recipe is installed on the + instance. The recipe is updated to a higher version, if a + higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts + to create or update a recipe to the REMOVE state is rejected. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + installSteps: + description: Actions to be taken for installing this recipe. + On failure it stops executing steps and does not attempt another + installation. 
Any steps taken (including partially completed + steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. 
Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. 
If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + name: + description: Required. Unique identifier for the recipe. Only + one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine + whether guest policies have conflicts. This means that requests + to create multiple recipes with the same name and version + are rejected since they could potentially have conflicting + assignments. + type: string + updateSteps: + description: Actions to be taken for updating this recipe. On + failure it stops executing steps and does not attempt another + update for this recipe. Any steps taken (including partially + completed steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + version: + description: The version of this software recipe. Version can + be up to 4 period separated numbers (e.g. 12.34.56.78). + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Time this GuestPolicy was created. + format: date-time + type: string + etag: + description: The etag for this GuestPolicy. If this is provided on + update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Last time this GuestPolicy was updated. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigOSPolicyAssignment + plural: osconfigospolicyassignments + shortNames: + - gcposconfigospolicyassignment + - gcposconfigospolicyassignments + singular: osconfigospolicyassignment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: OS policy assignment description. Length of the description + is limited to 1024 characters. + type: string + instanceFilter: + description: Required. Filter to select VMs. + properties: + all: + description: Target all VMs in the project. If true, no other + criteria is permitted. + type: boolean + exclusionLabels: + description: List of label sets used for VM exclusion. If the + list has more than one label set, the VM is excluded if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. 
A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inclusionLabels: + description: List of label sets used for VM inclusion. If the + list has more than one `LabelSet`, the VM is included if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inventories: + description: List of inventories to select VMs. A VM is selected + if its inventory data matches at least one of the following + inventories. + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. For + example, to match all versions with a major version of + `7`, specify the following value for this field `7.*` + An empty string matches all OS versions. + type: string + required: + - osShortName + type: object + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + osPolicies: + description: Required. List of OS policies to be applied to the VMs. + items: + properties: + allowNoResourceGroupMatch: + description: This flag determines the OS policy compliance status + when none of the resource groups within the policy are applicable + for a VM. Set this value to `true` if the policy needs to + be reported as compliant even if the policy has nothing to + validate or enforce. + type: boolean + description: + description: Policy description. Length of the description is + limited to 1024 characters. + type: string + id: + description: 'Required. 
The id of the OS policy with the following + restrictions: * Must contain only lowercase letters, numbers, + and hyphens. * Must start with a letter. * Must be between + 1-63 characters. * Must end with a number or a letter. * Must + be unique within the assignment.' + type: string + mode: + description: 'Required. Policy mode Possible values: MODE_UNSPECIFIED, + VALIDATION, ENFORCEMENT' + type: string + resourceGroups: + description: Required. List of resource groups for the policy. + For a particular VM, resource groups are evaluated in the + order specified and the first resource group that is applicable + is selected and the rest are ignored. If none of the resource + groups are applicable for a VM, the VM is considered to be + non-compliant w.r.t this policy. This behavior can be toggled + by the flag `allow_no_resource_group_match` + items: + properties: + inventoryFilters: + description: 'List of inventory filters for the resource + group. The resources in this resource group are applied + to the target VM if it satisfies at least one of the + following inventory filters. For example, to apply this + resource group to VMs running either `RHEL` or `CentOS` + operating systems, specify 2 items for the list with + following values: inventory_filters[0].os_short_name=''rhel'' + and inventory_filters[1].os_short_name=''centos'' If + the list is empty, this resource group will be applied + to the target VM unconditionally.' + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. + For example, to match all versions with a major + version of `7`, specify the following value for + this field `7.*` An empty string matches all OS + versions. + type: string + required: + - osShortName + type: object + type: array + resources: + description: Required. List of resources configured for + this resource group. 
The resources are executed in the + exact order specified here. + items: + properties: + exec: + description: Exec resource + properties: + enforce: + description: What to run to bring this resource + into the desired state. An exit code of 100 + indicates "success", any other exit code indicates + a failure running enforce. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. 
Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + validate: + description: Required. What to run to validate + this resource is in the desired state. An + exit code of 100 indicates "in desired state", + and exit code of 101 indicates "not in desired + state". Any other exit code indicates a failure + running validate. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. 
Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + required: + - validate + type: object + file: + description: File resource + properties: + content: + description: A a file with this content. The + size of the content is limited to 1024 characters. + type: string + file: + description: A remote or local source. + properties: + allowInsecure: + description: 'Defaults to false. When false, + files are subject to validations based + on the file type: Remote: A checksum must + be specified. Cloud Storage: An object + generation number must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of the + Cloud Storage object. + type: string + generation: + description: Generation number of the + Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the Cloud + Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the VM + to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of the + remote file. + type: string + uri: + description: Required. URI from which + to fetch the object. It should contain + both the protocol and path following + the format `{protocol}://{location}`. 
+ type: string + required: + - uri + type: object + type: object + path: + description: Required. The absolute path of + the file within the VM. + type: string + permissions: + description: 'Consists of three octal digits + which represent, in order, the permissions + of the owner, group, and other users for the + file (similarly to the numeric mode used in + the linux chmod utility). Each digit represents + a three bit number with the 4 bit corresponding + to the read permissions, the 2 bit corresponds + to the write bit, and the one bit corresponds + to the execute permission. Default behavior + is 755. Below are some examples of permissions + and their associated values: read, write, + and execute: 7 read and execute: 5 read and + write: 6 read only: 4' + type: string + state: + description: 'Required. Desired state of the + file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, + COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' + type: string + required: + - path + - state + type: object + id: + description: 'Required. The id of the resource with + the following restrictions: * Must contain only + lowercase letters, numbers, and hyphens. * Must + start with a letter. * Must be between 1-63 characters. + * Must end with a number or a letter. * Must be + unique within the OS policy.' + type: string + pkg: + description: Package resource + properties: + apt: + description: A package managed by Apt. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + deb: + description: A deb package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `dpkg -i package` - install when true: + `apt-get update && apt-get -y install + package.deb`' + type: boolean + source: + description: Required. A deb package. + properties: + allowInsecure: + description: 'Defaults to false. 
When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + desiredState: + description: 'Required. The desired state the + agent should maintain for this package. Possible + values: DESIRED_STATE_UNSPECIFIED, INSTALLED, + REMOVED' + type: string + googet: + description: A package managed by GooGet. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + msi: + description: An MSI package. + properties: + properties: + description: Additional properties to use + during installation. This should be in + the format of Property=Setting. Appended + to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. + items: + type: string + type: array + source: + description: Required. The MSI package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. 
Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + rpm: + description: An rpm package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `rpm --upgrade --replacepkgs package.rpm` + - install when true: `yum -y install package.rpm` + or `zypper -y install package.rpm`' + type: boolean + source: + description: Required. An rpm package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. 
+ type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + yum: + description: A package managed by YUM. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + zypper: + description: A package managed by Zypper. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + required: + - desiredState + type: object + repository: + description: Package repository resource + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Required. Type of archive + files in this repository. Possible values: + ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' + type: string + components: + description: Required. List of components + for this repository. Must contain at least + one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this + repository. + type: string + gpgKey: + description: URI of the key file for this + repository. The agent maintains a keyring + at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - archiveType + - components + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. 
+ type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the yum config file and also + the `display_name` if `display_name` is + omitted. This id is also used as the unique + identifier when checking for resource + conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the zypper config file and + also the `display_name` if `display_name` + is omitted. This id is also used as the + unique identifier when checking for GuestPolicy + conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. + format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. 
Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. 
The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. 
The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. + format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. 
Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. 
+ type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. 
+ items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. All managed + keys will be have their ProtectionLevel as `HSM`. 
Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. 
This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. 
+ type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. + type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. 
+ type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. + type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. 
+ properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." + type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
+ type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is not set, the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. \nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
+ + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. 
More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." 
+ type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. 
+ type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schemaSettings: + description: Settings for validating messages published against a + schema. + properties: + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - schemaRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com +spec: + group: recaptchaenterprise.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys + shortNames: + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array + type: object + displayName: + description: Human-readable display name of this key. Modifiable by + user. + type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. + properties: + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. + type: boolean + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. + type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. 
This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. 
The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. 
Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. 
The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. + type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. + type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. 
Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string + tier: + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + type: string + required: + - memorySizeGb + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. 
Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. + items: + type: string + type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time of creation. + type: string + name: + description: A system-generated unique identifier for this Lien. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. 
+ type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. 
+ type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: Required. The template used to create revisions for this + Service. + properties: + annotations: + additionalProperties: + type: string + description: KRM-style annotations for the resource. 
+ type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. + properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. 
Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: + type: string + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. + properties: + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. 
+ format: int64 + type: integer + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. + properties: + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + name: + description: Required. Volume's name. + type: string + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. 
Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' + format: int64 + type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object + type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
+ + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string + type: object + type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. 
+ items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. 
+ type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. 
+ When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' + type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. + properties: + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. 
+ format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecret + plural: secretmanagersecrets + shortNames: + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. 
+ properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. + items: + properties: + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string + required: + - location + type: object + type: array + required: + - replicas + type: object + type: object + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. + properties: + nextRotationTime: + description: |- + Timestamp in UTC at which the Secret is scheduled to rotate. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. + type: string + type: object + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - replication + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions + shortNames: + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - 
jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretRef: + description: Secret Manager secret resource + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. 
Only present + if state is DESTROYED. + type: string + name: + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints + shortNames: + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer + resourceID: + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces + shortNames: + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryService + plural: servicedirectoryservices + shortNames: + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - namespaceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceIdentity + plural: serviceidentities + shortNames: + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com +spec: + group: servicenetworking.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections + shortNames: + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. + type: string + required: + - networkRef + - reservedPeeringRanges + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + peering: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: services.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com +spec: + group: sourcerepo.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SourceRepoRepository + plural: sourcereporepositories + shortNames: + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: An explanation of the status of the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerinstances.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerInstance + plural: spannerinstances + shortNames: + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: |- + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + type: string + displayName: + description: |- + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - config + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqldatabases.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLDatabase + plural: sqldatabases + shortNames: + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlinstances.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLInstance + plural: sqlinstances + shortNames: + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. 
+ type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. 
+ type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. + type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". 
+ If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. 
+ type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. + type: string + replicationType: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: string + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. + type: string + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. + type: string + required: + - tier + type: object + required: + - settings + type: object + status: + properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. 
+ type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlsslcerts.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLSSLCert + plural: sqlsslcerts + shortNames: + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + required: + - commonName + - instanceRef + type: object + status: + properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlusers.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLUser + plural: sqlusers + shortNames: + - gcpsqluser + - gcpsqlusers + singular: sqluser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + password: + description: |- + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. + type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. + type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols + shortNames: + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + Immutable. 
The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' + type: string + required: + - bucketRef + - entity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebuckets.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucket + plural: storagebuckets + shortNames: + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object + required: + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. + properties: + logBucket: + description: The bucket that will receive log objects. + type: string + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. + type: string + required: + - logBucket + type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. + type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. 
+ type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols + shortNames: + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' + type: string + required: + - bucketRef + - entity + - role + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagenotifications.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageNotification + plural: storagenotifications + shortNames: + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. + type: string + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - bucketRef + - payloadFormat + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notificationId: + description: The ID of the created notification. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferJob + plural: storagetransferjobs + shortNames: + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Unique description to identify the Transfer Job. + type: string + notificationConfig: + description: Notification configuration. + properties: + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - payloadFormat + - topicRef + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. + properties: + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' + type: string + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. 
Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. + properties: + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. + type: integer + required: + - hours + - minutes + - nanos + - seconds + type: object + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. + properties: + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. + type: string + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. + type: string + required: + - bucketName + type: object + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. 
+ properties: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + gcsDataSource: + description: A Google Cloud Storage data source. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. + type: string + required: + - listUrl + type: object + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. 
+ items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. 
+ properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object + type: object + required: + - description + - transferSpec + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: When the Transfer Job was created. + type: string + deletionTime: + description: When the Transfer Job was deleted. + type: string + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagBinding + plural: tagstagbindings + shortNames: + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagkeys.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagKey + plural: tagstagkeys + shortNames: + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parent + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagvalues.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagValue + plural: tagstagvalues + shortNames: + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parentRef + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com +spec: + group: vpcaccess.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VPCAccessConnector + plural: vpcaccessconnectors + shortNames: + - gcpvpcaccessconnector + - gcpvpcaccessconnectors + singular: vpcaccessconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ipCidrRange: + description: 'Immutable. The range of internal addresses that follows + RFC 4632 notation. Example: `10.132.0.0/28`.' + type: string + location: + description: Immutable. The location for the resource + type: string + machineType: + description: Immutable. Machine type of VM Instance underlying connector. + Default is e2-micro + type: string + maxInstances: + description: Immutable. Maximum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + maxThroughput: + description: Immutable. Maximum throughput of the connector in Mbps. + Default is 200, max is 1000. + format: int64 + type: integer + minInstances: + description: Immutable. Minimum value of instances in autoscaling + group underlying the connector. + format: int64 + type: integer + minThroughput: + description: Immutable. Minimum throughput of the connector in Mbps. + Default and min is 200. + format: int64 + type: integer + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of a VPC network. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnet: + description: Immutable. The subnet in which to house the VPC Access + Connector. + properties: + nameRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be: {subnetName} + + Allowed value: The Google Cloud resource name of a `ComputeSubnetwork` resource (format: `projects/{{project}}/regions/{{region}}/subnetworks/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedProjects: + description: Output only. List of projects using the connector. 
+ items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the VPC access connector. Possible + values: STATE_UNSPECIFIED, READY, CREATING, DELETING, ERROR, UPDATING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml index 1c0ef60a03..110100a7c4 100644 --- a/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-controller-manager @@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder 
@@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -768,7 +768,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role @@ -818,7 +818,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-cluster-role @@ -876,7 +876,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-ns-role 
@@ -901,7 +901,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-role @@ -931,7 +931,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -1375,7 +1375,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1438,7 +1438,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1456,7 +1456,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1474,7 +1474,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -1497,7 +1497,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding 
@@ -1514,7 +1514,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1531,7 +1531,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1548,7 +1548,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1565,7 +1565,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1582,7 +1582,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1599,7 +1599,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: @@ -1621,7 +1621,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: 
@@ -1642,7 +1642,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1660,7 +1660,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1673,8 +1673,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.101.0 - image: gcr.io/cnrm-eap/recorder:411c879 + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b imagePullPolicy: Always name: recorder ports: @@ -1708,7 +1708,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1723,7 +1723,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1736,7 +1736,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:411c879 + image: gcr.io/cnrm-eap/webhook:fc8237b imagePullPolicy: Always name: webhook ports: @@ -1766,7 +1766,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
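Review bot: The new `image: gcr.io/cnrm-eap/recorder:fc8237b` line in the recorder Deployment hunk still references the image by a short tag, and the context line `imagePullPolicy: Always` means every pod start pulls whatever the registry currently serves under that tag. Pinning by digest, for example `image: gcr.io/cnrm-eap/recorder@sha256:<digest-of-the-fc8237b-build>` (placeholder, the digest is not on this page), would make the bundle reproducible and give admission policy one exact artifact to verify. The same applies to the webhook, controller and deletiondefender image lines changed in the later hunks of this file. The container specs continue outside these hunks, so a signature or digest check enforced elsewhere cannot be ruled out from here.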
@@ -1781,7 +1781,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1794,7 +1794,7 @@ spec: env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/key.json - image: gcr.io/cnrm-eap/controller:411c879 + image: gcr.io/cnrm-eap/controller:fc8237b imagePullPolicy: Always name: manager ports: @@ -1831,7 +1831,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1846,7 +1846,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1854,7 +1854,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:411c879 + image: gcr.io/cnrm-eap/deletiondefender:fc8237b imagePullPolicy: Always name: deletiondefender ports: @@ -1885,7 +1885,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-gcp-identity/crds.yaml b/install-bundles/install-bundle-gcp-identity/crds.yaml index 7df542fc34..1871feb5e1 100644 --- a/install-bundles/install-bundle-gcp-identity/crds.yaml +++ b/install-bundles/install-bundle-gcp-identity/crds.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +402,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -532,7 +532,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,7 +1740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -1915,7 +1915,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -2209,7 +2209,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -2326,11 +2326,108 @@ spec: Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' type: string type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: description: Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - format - location @@ -2400,7 +2497,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
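Review bot: `upstreamPolicies[].priority` says only that "Entries with a greater priority value take precedence in the pull order", which omits why the ordering matters. A virtual repository can front both private repositories and the new remote repositories that proxy `DOCKER_HUB`, `MAVEN_CENTRAL`, `NPMJS` or `PYPI`. If a public upstream outranks a private one, a same-named public package could be served in place of the internal one (dependency confusion); this is inferred from the description, so confirm it against the service documentation. I would extend the description with `Give private upstreams a higher priority than remote (public) upstreams.` Separately, `mode` and the `publicRepository` fields list their possible values only in prose, and an `enum` would reject typos at admission; if this file is generated, both changes belong in the generator input.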
@@ -2753,7 +2850,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3594,7 +3691,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3856,7 +3953,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4320,7 +4417,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4497,7 +4594,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4718,7 +4815,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4942,7 +5039,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -5111,7 +5208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5570,7 +5667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5838,7 +5935,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -6263,7 +6360,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -6331,6 +6428,94 @@ spec: to be explicitly approved to start." type: boolean type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' 
+ type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object build: description: Contents of the build template. Either a filename or build template must be provided. 
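Review bot: `pullRequest.commentControl` is optional, and its description ("Configure builds to run whether a repository owner or collaborator need to comment /gcbrun") neither parses cleanly nor says what happens when the field is omitted. This field decides whether a pull request starts a build without a maintainer's `/gcbrun` comment, so the unset behaviour should be readable from the CRD alone. Suggested wording: `Whether a repository owner or collaborator must comment /gcbrun before a pull request triggers a build. When unset: <DEFAULT, confirm with the API>.` In the same block, `pullRequest.invertRegex` refers to `git_ref` and `push.invertRegex` to `gitRef`, neither of which is a field here; both should name `branch` (and `tag` for push).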
@@ -7022,6 +7207,38 @@ spec: One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: description: |- Name of the repository. For example: The name for @@ -7508,7 +7725,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -7940,7 +8157,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8138,7 +8355,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
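Review bot: `enterpriseConfigResourceNameRef` is documented as "Only `external` field is supported to configure the reference", yet its `oneOf` still accepts the `name`/`namespace` form. A manifest using `name` therefore passes admission and presumably fails, or is ignored, only at reconcile time. If only `external` works, the schema should enforce it: replace the `oneOf` with `required: [external]`, or drop the `name` and `namespace` properties. `bitbucketServerConfigResourceRef` in the earlier `@@ -6331,6 +6428,94 @@` hunk carries the same description and the same `oneOf`.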
@@ -8405,7 +8622,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -8943,7 +9160,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9067,23 +9284,24 @@ spec: type: integer purpose: description: |- - Immutable. The purpose of this resource, which can be one of the following values: + Immutable. The purpose of this resource, which can be one of the following values. * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, internal load balancers, and similar resources. + ranges, load balancers, and similar resources. * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. + internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. - * IPSEC_INTERCONNECT for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources. + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. - * PRIVATE_SERVICE_CONNECT for a private network address that is used - to configure Private Service Connect. Only global internal addresses - can use this purpose. This should only be set when using an Internal address. type: string 
@@ -9196,7 +9414,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9466,7 +9684,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10710,7 +10928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10891,6 +11109,48 @@ spec: type: object type: object type: object + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied 
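Review bot: `rsaEncryptedKey` in the `@@ -10891,6 +11109,48 @@` hunk accepts the wrapped key inline through `value`, which puts customer-supplied key material into the resource spec. There it is readable by anyone with read access to the object, and it ends up in any Git repository or backup that holds the manifest. The schema already offers `valueFrom.secretKeyRef`, so the description should steer users to it, e.g. by appending `Prefer valueFrom.secretKeyRef so the wrapped key is not stored in the resource spec.` The description also says "either the rawKey or the rsaEncryptedKey", but nothing in this hunk enforces that exclusivity; the parent object's schema is outside the hunk, so confirm whether it is enforced there.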
@@ -11361,7 +11621,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11507,7 +11767,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11727,7 +11987,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11919,7 +12179,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -12209,7 +12469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -12589,7 +12849,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13247,7 +13507,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -13711,7 +13971,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13872,7 +14132,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14033,7 +14293,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14382,7 +14642,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -15161,7 +15421,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15364,7 +15624,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16132,6 +16392,10 @@ spec: description: Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. 
@@ -16322,7 +16586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17119,6 +17383,10 @@ spec: description: Immutable. Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. @@ -17297,7 +17565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -17393,19 +17661,18 @@ spec: encryption: description: |- Immutable. Indicates the user-supplied encryption option of this interconnect - attachment: - - NONE is the default value, which means that the attachment carries - unencrypted traffic. VMs can send traffic to, or receive traffic - from, this type of attachment. + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. - IPSEC indicates that the attachment carries only traffic encrypted by - an IPsec device such as an HA VPN gateway. VMs cannot directly send - traffic to, or receive traffic from, such an attachment. To use - IPsec-encrypted Cloud Interconnect create the attachment using this - option. + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. - Not currently available publicly. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. type: string interconnect: description: |- @@ -17623,7 +17890,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17833,7 +18100,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -18028,7 +18295,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18199,7 +18466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18489,7 +18756,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18670,7 +18937,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -19070,7 +19337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19188,7 +19455,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19494,7 +19761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -19708,7 +19975,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19784,6 +20051,9 @@ spec: with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]. type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer vmCount: description: |- Immutable. Number of VMs in this placement group. Google does not recommend that you use this field @@ -20014,7 +20284,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20306,7 +20576,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20763,7 +21033,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -21102,7 +21372,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21208,11 +21478,16 @@ spec: type: integer keepaliveInterval: description: |- - The interval in seconds between BGP keepalive messages that are sent to the peer. - Hold time is three times the interval at which keepalive messages are sent, and the hold time is the - maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. - BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for - the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. type: integer required: - asn @@ -21222,10 +21497,8 @@ spec: type: string encryptedInterconnectRouter: description: |- - Immutable. Field to indicate if a router is dedicated to use with encrypted - Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). - - Not currently available publicly. + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). type: boolean networkRef: description: A reference to the network to which this router belongs. @@ -21326,7 +21599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21605,7 +21878,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22061,6 +22334,24 @@ spec: description: Determines the key to enforce the rateLimitThreshold on. type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header @@ -22205,7 +22496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -22552,7 +22843,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22658,7 +22949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
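Review bot: `enforceOnKeyConfigs` in the `@@ -22061,6 +22334,24 @@` hunk is added next to the existing `enforceOnKey` and `enforceOnKeyName` without saying how they relate, and `enforceOnKeyType` lists no accepted values. A rate-limit rule keyed on something other than what the author intended is hard to spot in review. The description should state whether the list replaces `enforceOnKey` or is combined with it (I believe the API treats them as mutually exclusive; confirm), and it should enumerate the allowed key types. The item description also writes `rate_limit_threshold` where the sibling field's text uses `rateLimitThreshold`; the enclosing rate-limit options object starts and ends outside the hunk.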
@@ -22714,6 +23005,11 @@ spec: type: object spec: properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string projectRef: oneOf: - not: @@ -22797,7 +23093,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23196,7 +23492,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23414,7 +23710,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23577,7 +23873,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23865,7 +24161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24043,7 +24339,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
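Review bot: The new `deletionPolicy` description does not spell out the consequence of `ABANDON`: deleting the Kubernetes object then leaves the shared VPC service attachment in place on the cloud side, so the project keeps its access to the host network. It also does not say what happens when the field is omitted. Suggested text: `Set to ABANDON to leave the shared VPC attachment in place when this resource is deleted; when unset the attachment is removed. Possible values: "ABANDON".` (confirm the unset behaviour). The embedded `\n\t\t\t\t` escape looks like a generator artefact and should be stripped from the source string.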
@@ -24213,7 +24509,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24490,7 +24786,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24686,7 +24982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24912,7 +25208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25173,7 +25469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25340,7 +25636,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25501,7 +25797,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28195,7 +28491,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28394,7 +28690,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28766,7 +29062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29082,7 +29378,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29671,7 +29967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30681,6 +30977,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object 
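Review bot: `podPidsLimit`, added in the last hunk on this line, is a bare `type: integer` with no `minimum` and no range in its description, so zero or a negative number passes CRD validation and is caught, if at all, only by the backing API. This limit is what contains a runaway or fork-bombing workload on a node, so the description should state the accepted range and what leaving the field unset means, and the schema should carry a `minimum:` matching the API's documented lower bound. The same field is added with identical text in the `@@ -31578,6 +31898,10 @@` hunk further down. The enclosing object's `required` list still names only `cpuManagerPolicy`, so the new field is optional.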
@@ -31092,6 +31392,26 @@ spec: By default, no private IPv6 access to or from Google Services (all access will be via IPv4). type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object releaseChannel: description: Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. @@ -31286,7 +31606,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -31578,6 +31898,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object @@ -31931,7 +32255,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
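Review bot: The description on the new `protectConfig` object, `The notification config for sending cluster upgrade notifications.`, does not match the field: its children are `workloadConfig.auditMode` and `workloadVulnerabilityMode`, which concern workload config auditing and vulnerability scanning. The text looks copied from a notification field and should be replaced, for example with `description: Workload configuration auditing and vulnerability scanning settings for the cluster.` Both mode fields list their accepted values only in prose and are plain `type: string`, so a misspelt mode is not rejected by the schema. An `enum` on each would catch that at admission, if the generator supports it.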
@@ -32127,7 +32451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32301,7 +32625,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32427,7 +32751,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32713,7 +33037,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -32992,7 +33316,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -33287,7 +33611,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -35102,7 +35426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -37044,7 +37368,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41220,7 +41544,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41832,7 +42156,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43308,7 +43632,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43679,7 +44003,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44066,7 +44390,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44262,7 +44586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -44460,7 +44784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -44949,7 +45273,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45171,7 +45495,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45500,7 +45824,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45654,7 +45978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45867,7 +46191,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46200,8 +46524,8 @@ spec: description: Manage Mesh Features properties: controlPlane: - description: 'Whether to automatically manage Service Mesh control - planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: @@ -46299,7 +46623,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -46539,7 +46863,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46904,7 +47228,208 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. 
a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47065,7 +47590,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47205,7 +47730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47530,7 +48055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47758,7 +48283,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47998,7 +48523,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
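Review bot: In the new `IAMAccessBoundaryPolicy` schema, `spec.rules` is required but neither the rule items nor the `accessBoundaryRule` object inside them has a `required` list, so a rule that omits `availableResource` and `availablePermissions` passes CRD validation. For a resource whose purpose is to bound what can be accessed, an empty or partial rule should fail at admission rather than depend on the upstream API's handling, which is not visible here. Consider a `required:` list naming `availableResource` and `availablePermissions` under `accessBoundaryRule`, and `minItems: 1` on `rules`, after confirming the API treats them as mandatory. The `displayName` description also reads `The display name of the rule.` although the field sits on the policy spec, not on a rule.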
@@ -48177,7 +48702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -48319,7 +48844,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48571,7 +49096,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48752,7 +49277,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49048,7 +49573,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49215,7 +49740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49341,7 +49866,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -49495,7 +50020,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50187,7 +50712,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50370,7 +50895,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50587,7 +51112,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50740,7 +51265,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -50932,7 +51457,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -51058,7 +51583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -51342,7 +51867,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51617,7 +52142,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52038,7 +52563,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52442,7 +52967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52746,7 +53271,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53083,7 +53608,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53898,7 +54423,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -60780,7 +61305,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -60971,7 +61496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61266,7 +61791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61393,7 +61918,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -61694,7 +62219,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62265,7 +62790,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62424,7 +62949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -62803,7 +63328,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62985,7 +63510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63330,7 +63855,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63588,7 +64113,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63817,7 +64342,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64061,7 +64586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64382,7 +64907,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -64608,7 +65133,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65075,7 +65600,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65809,7 +66334,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65985,7 +66510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66315,7 +66840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66636,7 +67161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -67405,7 +67930,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68407,7 +68932,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -68903,7 +69428,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -69901,7 +70426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -70812,7 +71337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -71228,7 +71753,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71453,7 +71978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71609,7 +72134,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -71765,7 +72290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72186,7 +72711,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72403,7 +72928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -72639,7 +73164,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73122,7 +73647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73300,7 +73825,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73581,7 +74106,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -74463,7 +74988,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74725,7 +75250,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74928,7 +75453,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75148,7 +75673,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75305,7 +75830,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75457,7 +75982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75604,7 +76129,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -75782,7 +76307,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75923,7 +76448,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76122,7 +76647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76329,7 +76854,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76469,7 +76994,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76640,7 +77165,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -76732,6 +77257,10 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string maintenanceVersion: description: Maintenance version. type: string @@ -77350,7 +77879,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77526,7 +78055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77767,7 +78296,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77937,7 +78466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78311,7 +78840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -78497,7 +79026,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78700,7 +79229,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79211,6 +79740,16 @@ spec: required: - rootDirectory type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string transferOptions: description: Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink @@ -79309,7 +79848,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79486,7 +80025,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79651,7 +80190,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
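Review bot: `sinkAgentPoolName` is added with the same description as `sourceAgentPoolName` ("…associated with the posix data source"), which looks like a copy-paste slip in the `@@ -79211,6 +79740,16 @@` hunk. It should read `Immutable. Specifies the agent pool name associated with the posix data sink. When unspecified, the default name is used.` If this CRD is generated, the wording has to be corrected in the generator's source schema rather than in this file.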
@@ -79825,7 +80364,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml b/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml index e769f16e9c..95b089f869 100644 --- a/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector @@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role 
@@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -768,7 +768,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role @@ -818,7 +818,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-cluster-role @@ -876,7 +876,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-ns-role @@ -901,7 +901,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-role @@ -931,7 +931,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector-cluster-role 
@@ -962,7 +962,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -1406,7 +1406,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1469,7 +1469,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1487,7 +1487,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1505,7 +1505,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -1528,7 +1528,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1545,7 +1545,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding 
@@ -1562,7 +1562,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector-binding @@ -1579,7 +1579,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1596,7 +1596,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1613,7 +1613,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1634,7 +1634,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1652,7 +1652,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1665,8 +1665,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.101.0 - image: gcr.io/cnrm-eap/recorder:411c879 + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b imagePullPolicy: Always name: recorder ports: 
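Review bot: The component images changed in this file are referenced by short mutable tags (`gcr.io/cnrm-eap/recorder:fc8237b` here, and likewise `webhook`, `deletiondefender` and `unmanageddetector` in the later hunks) together with `imagePullPolicy: Always`. Each pod restart therefore pulls whatever the tag points to at that moment. Pinning by digest, `image: gcr.io/cnrm-eap/recorder:fc8237b@sha256:<digest-of-this-build>`, would make the bundle reproducible and let an admission policy verify exactly what was released. The digest is not on this page, so the placeholder has to be filled in from the release pipeline. The container spec continues outside the hunk.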
@@ -1700,7 +1700,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1715,7 +1715,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1728,7 +1728,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:411c879 + image: gcr.io/cnrm-eap/webhook:fc8237b imagePullPolicy: Always name: webhook ports: @@ -1758,7 +1758,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1773,7 +1773,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1781,7 +1781,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:411c879 + image: gcr.io/cnrm-eap/deletiondefender:fc8237b imagePullPolicy: Always name: deletiondefender ports: @@ -1811,7 +1811,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" @@ -1826,7 +1826,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" 
@@ -1834,7 +1834,7 @@ spec: containers: - command: - /configconnector/unmanageddetector - image: gcr.io/cnrm-eap/unmanageddetector:411c879 + image: gcr.io/cnrm-eap/unmanageddetector:fc8237b imagePullPolicy: Always name: unmanageddetector ports: @@ -1865,7 +1865,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-namespaced/crds.yaml b/install-bundles/install-bundle-namespaced/crds.yaml index 7df542fc34..1871feb5e1 100644 --- a/install-bundles/install-bundle-namespaced/crds.yaml +++ b/install-bundles/install-bundle-namespaced/crds.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +402,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -532,7 +532,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,7 +1740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -1915,7 +1915,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -2209,7 +2209,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -2326,11 +2326,108 @@ spec: Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' type: string type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: description: Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - format - location @@ -2400,7 +2497,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
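Review bot: The items schema under `virtualRepositoryConfig.upstreamPolicies` declares no `required` list, so an entry without `priority` or `repositoryRef` passes CRD validation and its place in the pull order is left to the API. When a virtual repository combines a private upstream with one in `REMOTE_REPOSITORY` mode, that order is what keeps a public package from shadowing an internal one of the same name. I would add `required: [priority, repositoryRef]` to the items (written in the file's block style) and extend the `priority` description with `Give internal repositories a higher priority than remote (public) ones.` The `mode` field likewise lists its possible values only in the description, with no `enum`. If the CRD is generated, these belong in the generator's schema.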
@@ -2753,7 +2850,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3594,7 +3691,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3856,7 +3953,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4320,7 +4417,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4497,7 +4594,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4718,7 +4815,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4942,7 +5039,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -5111,7 +5208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5570,7 +5667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5838,7 +5935,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -6263,7 +6360,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -6331,6 +6428,94 @@ spec: to be explicitly approved to start." type: boolean type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' 
+ type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object build: description: Contents of the build template. Either a filename or build template must be provided. 
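Review bot: The description of `bitbucketServerConfigResourceRef` says only the `external` field is supported, but the `oneOf` beneath it still accepts `name`/`namespace`, so a manifest using `name` passes schema validation and presumably fails only at reconcile time. The same mismatch is in `enterpriseConfigResourceNameRef` in the next hunk (`@@ -7022,6 +7207,38 @@`). If the reference really is external-only, the schema should state it with `required: [external]` in place of the `oneOf`. Separately, `pullRequest.commentControl` governs whether a pull request build needs a `/gcbrun` comment first, and its description is hard to parse. A sentence such as `COMMENTS_ENABLED requires a repository owner or collaborator to comment /gcbrun before a pull request build runs.` would make the safe setting clear.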
@@ -7022,6 +7207,38 @@ spec: One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: description: |- Name of the repository. For example: The name for @@ -7508,7 +7725,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -7940,7 +8157,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8138,7 +8355,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -8405,7 +8622,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -8943,7 +9160,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9067,23 +9284,24 @@ spec: type: integer purpose: description: |- - Immutable. The purpose of this resource, which can be one of the following values: + Immutable. The purpose of this resource, which can be one of the following values. * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, internal load balancers, and similar resources. + ranges, load balancers, and similar resources. * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. + internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. - * IPSEC_INTERCONNECT for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources. + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. - * PRIVATE_SERVICE_CONNECT for a private network address that is used - to configure Private Service Connect. Only global internal addresses - can use this purpose. This should only be set when using an Internal address. type: string 
@@ -9196,7 +9414,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9466,7 +9684,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10710,7 +10928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10891,6 +11109,48 @@ spec: type: object type: object type: object + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied 
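Review bot: `rsaEncryptedKey.value` lets the wrapped customer-supplied key be written inline, so it ends up in the object's spec and is readable by anyone who can get the resource or the manifest it came from; the description should steer users to `valueFrom.secretKeyRef`. I would add a sentence such as `Prefer valueFrom.secretKeyRef; a key given in value is stored as-is in the resource spec.` The text says rawKey and rsaEncryptedKey are alternatives, but nothing in this hunk enforces that and `rawKey` is defined outside it, so confirm where the exclusivity is checked. The literal `\n` breaks with trailing spaces in the description would also read better as a `|-` block, like the neighbouring `sha256` field.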
@@ -11361,7 +11621,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11507,7 +11767,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11727,7 +11987,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11919,7 +12179,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -12209,7 +12469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -12589,7 +12849,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13247,7 +13507,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -13711,7 +13971,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13872,7 +14132,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14033,7 +14293,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14382,7 +14642,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -15161,7 +15421,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15364,7 +15624,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16132,6 +16392,10 @@ spec: description: Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. 
@@ -16322,7 +16586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17119,6 +17383,10 @@ spec: description: Immutable. Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. @@ -17297,7 +17565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -17393,19 +17661,18 @@ spec: encryption: description: |- Immutable. Indicates the user-supplied encryption option of this interconnect - attachment: - - NONE is the default value, which means that the attachment carries - unencrypted traffic. VMs can send traffic to, or receive traffic - from, this type of attachment. + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. - IPSEC indicates that the attachment carries only traffic encrypted by - an IPsec device such as an HA VPN gateway. VMs cannot directly send - traffic to, or receive traffic from, such an attachment. To use - IPsec-encrypted Cloud Interconnect create the attachment using this - option. + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. - Not currently available publicly. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. type: string interconnect: description: |- @@ -17623,7 +17890,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17833,7 +18100,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
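Review bot: In the rewritten `encryption` description the closing `Default value: "NONE" Possible values: ["NONE", "IPSEC"].` is folded into the IPSEC bullet, so the default reads as part of the IPSEC explanation. The field is marked Immutable and NONE is described as carrying unencrypted traffic, so an omitted value presumably cannot be corrected without recreating the attachment; the default deserves its own paragraph, e.g. `Default value: "NONE" (unencrypted). Possible values: ["NONE", "IPSEC"].` The schema stays `type: string` with no `enum`, so a misspelt value is likely rejected only by the API and not at admission.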
@@ -18028,7 +18295,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18199,7 +18466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18489,7 +18756,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18670,7 +18937,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -19070,7 +19337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19188,7 +19455,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19494,7 +19761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -19708,7 +19975,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19784,6 +20051,9 @@ spec: with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]. type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer vmCount: description: |- Immutable. Number of VMs in this placement group. Google does not recommend that you use this field @@ -20014,7 +20284,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20306,7 +20576,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20763,7 +21033,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -21102,7 +21372,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21208,11 +21478,16 @@ spec: type: integer keepaliveInterval: description: |- - The interval in seconds between BGP keepalive messages that are sent to the peer. - Hold time is three times the interval at which keepalive messages are sent, and the hold time is the - maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. - BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for - the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. type: integer required: - asn @@ -21222,10 +21497,8 @@ spec: type: string encryptedInterconnectRouter: description: |- - Immutable. Field to indicate if a router is dedicated to use with encrypted - Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). - - Not currently available publicly. + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). type: boolean networkRef: description: A reference to the network to which this router belongs. @@ -21326,7 +21599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21605,7 +21878,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22061,6 +22334,24 @@ spec: description: Determines the key to enforce the rateLimitThreshold on. type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header @@ -22205,7 +22496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -22552,7 +22843,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22658,7 +22949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
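Review bot: The new `enforceOnKeyConfigs` list is documented only as `Enforce On Key Config of this security policy`, which does not say how it relates to the singular key fields beside it (`enforceOnKeyName` is visible just below) or which one the rate limit uses when both are set. For a rate-limiting rule that ambiguity decides what traffic is grouped under one threshold, so the description should state the rule; as I recall the upstream API, the list and the singular key are mutually exclusive, but that needs confirming before it is written down. `enforceOnKeyType` also lists no accepted values although `enforceOnKeyName` refers to `HTTP_HEADER` and `HTTP_COOKIE`; adding `Possible values: ...` from the API reference would help. The enclosing rate-limit options block starts and ends outside the hunk.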
@@ -22714,6 +23005,11 @@ spec: type: object spec: properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string projectRef: oneOf: - not: @@ -22797,7 +23093,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23196,7 +23492,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23414,7 +23710,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23577,7 +23873,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23865,7 +24161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24043,7 +24339,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
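Review bot: The `deletionPolicy` description carries a literal newline followed by four tab characters (`resource\n\t\t\t\tto be abandoned`), which looks like source indentation leaking into the string and will show up in `kubectl explain` output. A single flowing sentence would do: `The deletion policy for the shared VPC service. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: "ABANDON".` It would also help to say what abandoning leaves behind, presumably the shared VPC attachment itself after the Kubernetes object is deleted, since that matters when reviewing which projects keep network access. If the CRD is generated, the fix belongs in the source description.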
@@ -24213,7 +24509,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24490,7 +24786,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24686,7 +24982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24912,7 +25208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25173,7 +25469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25340,7 +25636,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25501,7 +25797,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28195,7 +28491,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28394,7 +28690,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28766,7 +29062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29082,7 +29378,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29671,7 +29967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30681,6 +30977,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object 
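Review bot: `podPidsLimit` is added as a bare `type: integer` with no `minimum`/`maximum` and no range in the description, so zero or a negative number passes schema validation; the same applies to the identical hunk at `@@ -31578,6 +31898,10 @@`. Because this field caps process creation per pod, the accepted range should be stated, e.g. `Must be between 1024 and 4194304.` if that matches the GKE documentation (from memory, to be confirmed). The context lines also show `required: - cpuManagerPolicy` on the same object, so a user who only wants the PID cap must set `cpuManagerPolicy` as well; the description should mention that. The enclosing kubelet config object starts outside the hunk.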
@@ -31092,6 +31392,26 @@ spec: By default, no private IPv6 access to or from Google Services (all access will be via IPv4). type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object releaseChannel: description: Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. @@ -31286,7 +31606,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -31578,6 +31898,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object @@ -31931,7 +32255,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
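Review bot: The description on the new `protectConfig` field reads `The notification config for sending cluster upgrade notifications`, which does not match its children `workloadConfig.auditMode` and `workloadVulnerabilityMode` and looks copied from another field. Someone searching the CRD for the vulnerability-scanning or workload-audit switch would not find it from this text. Something like `Workload configuration auditing and workload vulnerability scanning settings for the cluster.` describes what the hunk actually adds. Both mode fields list their accepted values only in prose; the schema has no `enum`, so a typo is presumably caught by the API and not at admission.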
@@ -32127,7 +32451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32301,7 +32625,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32427,7 +32751,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32713,7 +33037,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -32992,7 +33316,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -33287,7 +33611,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -35102,7 +35426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -37044,7 +37368,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41220,7 +41544,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41832,7 +42156,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43308,7 +43632,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43679,7 +44003,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44066,7 +44390,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44262,7 +44586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -44460,7 +44784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -44949,7 +45273,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45171,7 +45495,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45500,7 +45824,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45654,7 +45978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45867,7 +46191,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46200,8 +46524,8 @@ spec: description: Manage Mesh Features properties: controlPlane: - description: 'Whether to automatically manage Service Mesh control - planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: @@ -46299,7 +46623,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -46539,7 +46863,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46904,7 +47228,208 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. 
a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47065,7 +47590,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47205,7 +47730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47530,7 +48055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47758,7 +48283,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47998,7 +48523,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
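Review bot: The new IAMAccessBoundaryPolicy schema marks `spec.rules` as required but does not constrain its contents. The array has no `minItems`, and neither the rule items nor `accessBoundaryRule` declare required fields, so `rules: []` or a rule without `availablePermissions`/`availableResource` passes API-server validation. Any rejection is then left to reconcile time, which this CRD does not show, so a manifest could be admitted without expressing an effective boundary until someone checks the `Ready` condition. I would add `minItems: 1` under `rules` and, if the IAM API treats them as mandatory, a `required:` list naming `availablePermissions` and `availableResource` on `accessBoundaryRule`. The `tf2crd` label suggests the file is generated, so the change presumably belongs in the generator input rather than in this YAML.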
@@ -48177,7 +48702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -48319,7 +48844,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48571,7 +49096,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48752,7 +49277,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49048,7 +49573,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49215,7 +49740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49341,7 +49866,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -49495,7 +50020,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50187,7 +50712,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50370,7 +50895,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50587,7 +51112,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50740,7 +51265,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -50932,7 +51457,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -51058,7 +51583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -51342,7 +51867,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51617,7 +52142,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52038,7 +52563,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52442,7 +52967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52746,7 +53271,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53083,7 +53608,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53898,7 +54423,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -60780,7 +61305,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -60971,7 +61496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61266,7 +61791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61393,7 +61918,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -61694,7 +62219,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62265,7 +62790,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62424,7 +62949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -62803,7 +63328,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62985,7 +63510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63330,7 +63855,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63588,7 +64113,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63817,7 +64342,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64061,7 +64586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64382,7 +64907,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -64608,7 +65133,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65075,7 +65600,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65809,7 +66334,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65985,7 +66510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66315,7 +66840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66636,7 +67161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -67405,7 +67930,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68407,7 +68932,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -68903,7 +69428,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -69901,7 +70426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -70812,7 +71337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -71228,7 +71753,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71453,7 +71978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71609,7 +72134,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -71765,7 +72290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72186,7 +72711,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72403,7 +72928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -72639,7 +73164,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73122,7 +73647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73300,7 +73825,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73581,7 +74106,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -74463,7 +74988,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74725,7 +75250,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74928,7 +75453,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75148,7 +75673,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75305,7 +75830,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75457,7 +75982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75604,7 +76129,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -75782,7 +76307,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75923,7 +76448,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76122,7 +76647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76329,7 +76854,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76469,7 +76994,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76640,7 +77165,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -76732,6 +77257,10 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string maintenanceVersion: description: Maintenance version. type: string @@ -77350,7 +77879,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77526,7 +78055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77767,7 +78296,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77937,7 +78466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78311,7 +78840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -78497,7 +79026,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78700,7 +79229,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79211,6 +79740,16 @@ spec: required: - rootDirectory type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string transferOptions: description: Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink @@ -79309,7 +79848,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79486,7 +80025,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79651,7 +80190,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
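Review bot: In the hunk that adds `sinkAgentPoolName` and `sourceAgentPoolName`, both fields carry the same description, "associated with the posix data source", which looks like a copy-paste slip on the sink field. The sink description should read `Immutable. Specifies the agent pool name associated with the posix data sink. When unspecified, the default name is used.` Both fields are declared immutable only in prose and nothing in the visible schema enforces it, so confirm that the controller rejects updates to them. The enclosing `properties` block starts and ends outside the hunk.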
@@ -79825,7 +80364,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/install-bundles/install-bundle-namespaced/per-namespace-components.yaml b/install-bundles/install-bundle-namespaced/per-namespace-components.yaml index 2ccfc42034..a12ecc3d85 100644 --- a/install-bundles/install-bundle-namespaced/per-namespace-components.yaml +++ b/install-bundles/install-bundle-namespaced/per-namespace-components.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} @@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -47,7 +47,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" 
@@ -85,7 +85,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -103,7 +103,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: @@ -127,7 +127,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} @@ -144,7 +144,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} @@ -156,7 +156,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:411c879 + image: gcr.io/cnrm-eap/controller:fc8237b imagePullPolicy: Always name: manager ports: diff --git a/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml index 66827ffb35..dd10256d7f 100644 --- a/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system 
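Review bot: The manager container in the StatefulSet hunk is still referenced by tag, `image: gcr.io/cnrm-eap/controller:fc8237b`, alongside `imagePullPolicy: Always`. Every pod start therefore re-resolves the tag and runs whatever the registry serves under it at that moment. The same file annotates a ServiceAccount with `iam.gke.io/gcp-service-account`, so this controller presumably acts with GCP credentials and the image content is effectively the trust root for them. Pinning by digest, e.g. `image: gcr.io/cnrm-eap/controller@sha256:<digest-of-the-fc8237b-build>`, makes the deployed image immutable and verifiable against the release. The container spec continues outside the hunk.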
@@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/system: "true" @@ -36,7 +36,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -46,7 +46,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -56,7 +56,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -87,7 +87,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -108,7 +108,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" 
@@ -769,7 +769,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role @@ -819,7 +819,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-cluster-role @@ -877,7 +877,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-ns-role @@ -902,7 +902,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-role @@ -932,7 +932,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -1376,7 +1376,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1439,7 +1439,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding 
@@ -1457,7 +1457,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1475,7 +1475,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -1498,7 +1498,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1515,7 +1515,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1532,7 +1532,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1549,7 +1549,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1566,7 +1566,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding 
@@ -1583,7 +1583,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1600,7 +1600,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: @@ -1622,7 +1622,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1643,7 +1643,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1661,7 +1661,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1674,8 +1674,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.101.0 - image: gcr.io/cnrm-eap/recorder:411c879 + value: 1.102.0 + image: gcr.io/cnrm-eap/recorder:fc8237b imagePullPolicy: Always name: recorder ports: @@ -1709,7 +1709,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1724,7 +1724,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" 
@@ -1737,7 +1737,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:411c879 + image: gcr.io/cnrm-eap/webhook:fc8237b imagePullPolicy: Always name: webhook ports: @@ -1767,7 +1767,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1782,7 +1782,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1792,7 +1792,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:411c879 + image: gcr.io/cnrm-eap/controller:fc8237b imagePullPolicy: Always name: manager ports: @@ -1822,7 +1822,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1837,7 +1837,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1845,7 +1845,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:411c879 + image: gcr.io/cnrm-eap/deletiondefender:fc8237b imagePullPolicy: Always name: deletiondefender ports: 
@@ -1876,7 +1876,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-workload-identity/crds.yaml b/install-bundles/install-bundle-workload-identity/crds.yaml index 7df542fc34..1871feb5e1 100644 --- a/install-bundles/install-bundle-workload-identity/crds.yaml +++ b/install-bundles/install-bundle-workload-identity/crds.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +402,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -532,7 +532,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,7 +1740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -1915,7 +1915,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -2209,7 +2209,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -2326,11 +2326,108 @@ spec: Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' type: string type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: description: Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - format - location @@ -2400,7 +2497,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
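Review bot: In the `@@ -2326,11 +2326,108 @@` hunk, the items of `virtualRepositoryConfig.upstreamPolicies` declare no `required` list, so a policy with no `priority` or no `repositoryRef` passes schema validation. `priority` decides which upstream serves an artifact name, which is the control that matters when a virtual repository combines a private repository with one of the new remote repositories (`DOCKER_HUB`, `MAVEN_CENTRAL`, `NPMJS`, `PYPI`). If the API requires these fields, the item schema should say so with `required: [id, priority, repositoryRef]` (written in the file's block style). The `priority` description could also state the consequence, e.g. `Entries with a greater priority value take precedence in the pull order; give private upstreams a higher value than remote ones.`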
@@ -2753,7 +2850,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3594,7 +3691,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -3856,7 +3953,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4320,7 +4417,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4497,7 +4594,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4718,7 +4815,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -4942,7 +5039,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -5111,7 +5208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5570,7 +5667,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -5838,7 +5935,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -6263,7 +6360,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -6331,6 +6428,94 @@ spec: to be explicitly approved to start." type: boolean type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' 
+ type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object build: description: Contents of the build template. Either a filename or build template must be provided. 
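Review bot: In `bitbucketServerTriggerConfig.pullRequest`, `commentControl` is optional (only `branch` is required) and its description lists the possible values without saying which one applies when the field is omitted. This setting decides whether a pull request needs a `/gcbrun` comment from an owner or collaborator before a build runs, so the description should state the effective default in the form used elsewhere in this file, `Default value: "<API default>"`. The `invertRegex` description in the same block refers to `git_ref`, which is not a field of this schema; `branch` looks like the intended name. The `push` block also says to specify only one of `branch` or `tag` but has no `oneOf` that enforces it.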
@@ -7022,6 +7207,38 @@ spec: One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: description: |- Name of the repository. For example: The name for @@ -7508,7 +7725,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -7940,7 +8157,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -8138,7 +8355,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
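Review bot: The description of `enterpriseConfigResourceNameRef` says only the `external` field is supported, but the `oneOf` below it also accepts a reference given by `name` (with optional `namespace`). A manifest that uses `name` therefore passes schema validation and presumably fails only later, in the controller. Either drop the `name`/`namespace` branch for this reference or have the description say what happens when it is used. `bitbucketServerConfigResourceRef` in the earlier `@@ -6331,6 +6428,94 @@` hunk has the same mismatch. As this CRD looks generated, the change probably belongs in the generator.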
@@ -8405,7 +8622,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -8943,7 +9160,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9067,23 +9284,24 @@ spec: type: integer purpose: description: |- - Immutable. The purpose of this resource, which can be one of the following values: + Immutable. The purpose of this resource, which can be one of the following values. * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, internal load balancers, and similar resources. + ranges, load balancers, and similar resources. * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. + internal load balancers. * VPC_PEERING for addresses that are reserved for VPC peer networks. - * IPSEC_INTERCONNECT for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources. + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. - * PRIVATE_SERVICE_CONNECT for a private network address that is used - to configure Private Service Connect. Only global internal addresses - can use this purpose. This should only be set when using an Internal address. type: string 
@@ -9196,7 +9414,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -9466,7 +9684,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10710,7 +10928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -10891,6 +11109,48 @@ spec: type: object type: object type: object + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object sha256: description: |- The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied 
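Review bot: In the `@@ -10891,6 +11109,48 @@` hunk, `rsaEncryptedKey` accepts the key material inline through `value` as well as through `valueFrom.secretKeyRef`, and the description does not say which to prefer. An inline value is stored in the resource spec, where anyone who can read the object sees it and where it tends to end up in version-controlled manifests. The description should steer users to the Secret reference, e.g. `Prefer valueFrom.secretKeyRef; a value set inline is stored in the resource spec.` The description is also emitted as a double-quoted scalar with ` \n` escapes, unlike the `|-` block scalar used for the neighbouring `sha256` field, which leaves a trailing space before each line break in the rendered text.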
@@ -11361,7 +11621,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -11507,7 +11767,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11727,7 +11987,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -11919,7 +12179,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -12209,7 +12469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -12589,7 +12849,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13247,7 +13507,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -13711,7 +13971,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -13872,7 +14132,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14033,7 +14293,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -14382,7 +14642,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -15161,7 +15421,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -15364,7 +15624,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -16132,6 +16392,10 @@ spec: description: Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. 
@@ -16322,7 +16586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17119,6 +17383,10 @@ spec: description: Immutable. Specifies the action GCE should take when SPOT VM is preempted. type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string maxRunDuration: description: Immutable. The timeout for new network connections to hosts. @@ -17297,7 +17565,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -17393,19 +17661,18 @@ spec: encryption: description: |- Immutable. Indicates the user-supplied encryption option of this interconnect - attachment: - - NONE is the default value, which means that the attachment carries - unencrypted traffic. VMs can send traffic to, or receive traffic - from, this type of attachment. + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. - IPSEC indicates that the attachment carries only traffic encrypted by - an IPsec device such as an HA VPN gateway. VMs cannot directly send - traffic to, or receive traffic from, such an attachment. To use - IPsec-encrypted Cloud Interconnect create the attachment using this - option. + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. - Not currently available publicly. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. type: string interconnect: description: |- @@ -17623,7 +17890,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -17833,7 +18100,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -18028,7 +18295,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18199,7 +18466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18489,7 +18756,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -18670,7 +18937,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -19070,7 +19337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19188,7 +19455,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19494,7 +19761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -19708,7 +19975,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -19784,6 +20051,9 @@ spec: with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy attached. Possible values: ["COLLOCATED"]. type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer vmCount: description: |- Immutable. Number of VMs in this placement group. Google does not recommend that you use this field @@ -20014,7 +20284,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20306,7 +20576,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -20763,7 +21033,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -21102,7 +21372,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21208,11 +21478,16 @@ spec: type: integer keepaliveInterval: description: |- - The interval in seconds between BGP keepalive messages that are sent to the peer. - Hold time is three times the interval at which keepalive messages are sent, and the hold time is the - maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. - BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for - the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. type: integer required: - asn @@ -21222,10 +21497,8 @@ spec: type: string encryptedInterconnectRouter: description: |- - Immutable. Field to indicate if a router is dedicated to use with encrypted - Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). - - Not currently available publicly. + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). type: boolean networkRef: description: A reference to the network to which this router belongs. @@ -21326,7 +21599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -21605,7 +21878,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22061,6 +22334,24 @@ spec: description: Determines the key to enforce the rateLimitThreshold on. type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header @@ -22205,7 +22496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -22552,7 +22843,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -22658,7 +22949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
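Review bot: In the `@@ -22061,6 +22334,24 @@` hunk, the new `enforceOnKeyConfigs` list is added beside the existing `enforceOnKey` and `enforceOnKeyName` fields, but its description does not say which one applies when both are set. A rate-limit rule keyed on the wrong attribute throttles less than the author intended, so the precedence should be written down. As far as I recall, the Cloud Armor API requires `enforceOnKey` to be empty when the list is used; if that is confirmed, append `If specified, enforceOnKey must not be set.` to the description. `enforceOnKeyType` also lists no accepted values, unlike the other enumerated fields in this diff; a `Possible values: [...]` sentence taken from the API reference would close that gap. The file looks generated, so the wording would have to change in its source schema.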
@@ -22714,6 +23005,11 @@ spec: type: object spec: properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string projectRef: oneOf: - not: @@ -22797,7 +23093,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23196,7 +23492,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23414,7 +23710,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23577,7 +23873,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -23865,7 +24161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24043,7 +24339,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
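Review bot: The `deletionPolicy` description added in the `@@ -22714,6 +23005,11 @@` hunk is a double-quoted scalar containing `\n\t\t\t\t`, so the rendered text carries a newline and four tabs that look like leaked source indentation. A single-quoted form avoids it: `description: 'The deletion policy for the shared VPC service. Setting ABANDON allows the resource to be abandoned rather than deleted. Possible values are: "ABANDON".'` The text also does not say what abandoning leaves behind. Presumably the shared VPC attachment stays in effect in the cloud project after the Kubernetes object is deleted; if so, that is worth one sentence, because it affects network reachability reviews.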
@@ -24213,7 +24509,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24490,7 +24786,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24686,7 +24982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -24912,7 +25208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25173,7 +25469,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25340,7 +25636,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -25501,7 +25797,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28195,7 +28491,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28394,7 +28690,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -28766,7 +29062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29082,7 +29378,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29671,7 +29967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30681,6 +30977,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object 
@@ -31092,6 +31392,26 @@ spec: By default, no private IPv6 access to or from Google Services (all access will be via IPv4). type: string + protectConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + workloadConfig: + description: WorkloadConfig defines the flags to enable or disable + the workload configurations for the cluster. + properties: + auditMode: + description: Mode defines how to audit the workload configs. + Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: WorkloadVulnerabilityMode defines mode to perform + vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, + DISABLED, BASIC. + type: string + type: object releaseChannel: description: Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. @@ -31286,7 +31606,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -31578,6 +31898,10 @@ spec: cpuManagerPolicy: description: Control the CPU management policy on the node. type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer required: - cpuManagerPolicy type: object @@ -31931,7 +32255,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
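Review bot: In the `@@ -31092,6 +31392,26 @@` hunk, the description on `protectConfig` reads `The notification config for sending cluster upgrade notifications.`, which does not match its children (`workloadConfig.auditMode`, `workloadVulnerabilityMode`) and looks copied from a neighbouring field. Anyone reading the schema with `kubectl explain` would not learn that this block controls workload configuration auditing and vulnerability scanning. Something like `description: Settings for workload configuration auditing and workload vulnerability scanning on the cluster.` would match the fields shown. The accepted values for both modes appear only in prose, with `type: string` and no `enum`, so a typo is not rejected by this schema; whether another layer validates it cannot be seen from here.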
@@ -32127,7 +32451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32301,7 +32625,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32427,7 +32751,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -32713,7 +33037,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -32992,7 +33316,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -33287,7 +33611,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -35102,7 +35426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -37044,7 +37368,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41220,7 +41544,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -41832,7 +42156,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43308,7 +43632,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -43679,7 +44003,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44066,7 +44390,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -44262,7 +44586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -44460,7 +44784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -44949,7 +45273,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45171,7 +45495,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -45500,7 +45824,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45654,7 +45978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -45867,7 +46191,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46200,8 +46524,8 @@ spec: description: Manage Mesh Features properties: controlPlane: - description: 'Whether to automatically manage Service Mesh control - planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL' type: string management: @@ -46299,7 +46623,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -46539,7 +46863,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -46904,7 +47228,208 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. 
a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47065,7 +47590,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47205,7 +47730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47530,7 +48055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47758,7 +48283,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -47998,7 +48523,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
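Review bot: In the new `IAMAccessBoundaryPolicy` CRD (the `@@ -46904,7 +47228,208 @@` hunk), an item of `spec.rules` can be an empty object. Neither `accessBoundaryRule` nor its `availableResource` and `availablePermissions` are listed under `required`; only `availabilityCondition.expression` is. For a resource whose purpose is to cap the permissions a principal can use, the descriptions should say what an omitted `availablePermissions` or `availableResource` means. If the API rejects such a rule, the fields should be marked required; which of these applies cannot be determined from this hunk. Separately, `spec.displayName` is described as `The display name of the rule.` although it sits on the policy, so `The display name of the policy.` would be accurate.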
@@ -48177,7 +48702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -48319,7 +48844,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48571,7 +49096,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -48752,7 +49277,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49048,7 +49573,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49215,7 +49740,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -49341,7 +49866,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -49495,7 +50020,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50187,7 +50712,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50370,7 +50895,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50587,7 +51112,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -50740,7 +51265,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -50932,7 +51457,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -51058,7 +51583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -51342,7 +51867,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51617,7 +52142,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52038,7 +52563,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52442,7 +52967,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52746,7 +53271,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53083,7 +53608,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -53898,7 +54423,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -60780,7 +61305,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -60971,7 +61496,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61266,7 +61791,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -61393,7 +61918,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -61694,7 +62219,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62265,7 +62790,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62424,7 +62949,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -62803,7 +63328,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -62985,7 +63510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63330,7 +63855,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63588,7 +64113,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -63817,7 +64342,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64061,7 +64586,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64382,7 +64907,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -64608,7 +65133,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65075,7 +65600,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65809,7 +66334,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65985,7 +66510,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66315,7 +66840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66636,7 +67161,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -67405,7 +67930,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68407,7 +68932,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -68903,7 +69428,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -69901,7 +70426,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -70812,7 +71337,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -71228,7 +71753,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71453,7 +71978,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -71609,7 +72134,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -71765,7 +72290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72186,7 +72711,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -72403,7 +72928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -72639,7 +73164,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73122,7 +73647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73300,7 +73825,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -73581,7 +74106,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -74463,7 +74988,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74725,7 +75250,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74928,7 +75453,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75148,7 +75673,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75305,7 +75830,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75457,7 +75982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75604,7 +76129,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -75782,7 +76307,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -75923,7 +76448,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76122,7 +76647,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76329,7 +76854,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76469,7 +76994,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -76640,7 +77165,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -76732,6 +77257,10 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string maintenanceVersion: description: Maintenance version. type: string @@ -77350,7 +77879,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77526,7 +78055,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77767,7 +78296,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -77937,7 +78466,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78311,7 +78840,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -78497,7 +79026,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -78700,7 +79229,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79211,6 +79740,16 @@ spec: required: - rootDirectory type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string transferOptions: description: Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink @@ -79309,7 +79848,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79486,7 +80025,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79651,7 +80190,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.101.0 + cnrm.cloud.google.com/version: 1.102.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
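Review bot: The description added for `sinkAgentPoolName` is a copy of the one on `sourceAgentPoolName`: both say the agent pool is associated with "the posix data source", so the sink field is documented as if it were the source. The sink text should read `Immutable. Specifies the agent pool name associated with the posix data sink. When unspecified, the default name is used.` If this CRD is generated, the wording presumably has to be corrected in the schema it is generated from rather than in this file. The object these two properties belong to starts and ends outside the hunk.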
@@ -79825,7 +80364,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- cnrm.cloud.google.com/version: 1.101.0
+ cnrm.cloud.google.com/version: 1.102.0
 creationTimestamp: null
 labels:
 cnrm.cloud.google.com/dcl2crd: "true"
diff --git a/samples/resources/cloudfunctionsfunction/eventtrigger-with-storagebucket/storage_v1beta1_storagebucket.yaml b/samples/resources/cloudfunctionsfunction/eventtrigger-with-storagebucket/storage_v1beta1_storagebucket.yaml
index 94328705e9..0d085f8278 100644
--- a/samples/resources/cloudfunctionsfunction/eventtrigger-with-storagebucket/storage_v1beta1_storagebucket.yaml
+++ b/samples/resources/cloudfunctionsfunction/eventtrigger-with-storagebucket/storage_v1beta1_storagebucket.yaml
@@ -23,5 +23,6 @@ spec:
 type: Delete
 condition:
 age: 7
+ withState: ANY
 versioning:
 enabled: true
diff --git a/samples/resources/iamaccessboundarypolicy/iam_v1beta1_iamaccessboundarypolicy.yaml b/samples/resources/iamaccessboundarypolicy/iam_v1beta1_iamaccessboundarypolicy.yaml
new file mode 100644
index 0000000000..80de6384ef
--- /dev/null
+++ b/samples/resources/iamaccessboundarypolicy/iam_v1beta1_iamaccessboundarypolicy.yaml
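Review bot: The eventtrigger-with-storagebucket sample has no comment explaining what `withState: ANY` means for a bucket that also sets `versioning.enabled: true`: as I read it, the `Delete` rule with `age: 7` then applies to noncurrent versions as well as live objects, so versioning does not retain data beyond the rule's age. A reader who copies the sample for a bucket where versioning is meant as a recovery control should see that; I would add `# ANY matches live and noncurrent objects; use LIVE or ARCHIVED to limit the rule` above the new line. The same line is added in samples/resources/storagebucket/storage_v1beta1_storagebucket.yaml (the last hunk on this page) and needs the same comment. The lifecycle rule begins outside the hunk in both files.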
@@ -0,0 +1,34 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMAccessBoundaryPolicy
+metadata:
+ name: accessboundary-sample
+spec:
+ projectRef:
+ # Replace "${PROJECT_ID?}" below with your project ID
+ external: "cloudresourcemanager.googleapis.com%2Fprojects%2F${PROJECT_ID?}"
+ displayName: Access Boundary Sample
+ rules:
+ - description: "Sample access boundary rule"
+ accessBoundaryRule:
+ availableResource: "*"
+ availablePermissions:
+ - "*"
+ availabilityCondition:
+ title: "Access level expr"
+ # Replace "${ORG_ID?}" with the numeric ID for your organization and
+ # replace "${ACCESS_LEVEL?}" with the full name of your access level
+ expression: "request.matchAccessLevels('${ORG_ID?}', ['${ACCESS_LEVEL?}'])"
diff --git a/samples/resources/storagebucket/storage_v1beta1_storagebucket.yaml b/samples/resources/storagebucket/storage_v1beta1_storagebucket.yaml
index 147866c9ee..2d7fabc7b5 100644
--- a/samples/resources/storagebucket/storage_v1beta1_storagebucket.yaml
+++ b/samples/resources/storagebucket/storage_v1beta1_storagebucket.yaml
@@ -27,6 +27,7 @@ spec:
 type: Delete
 condition:
 age: 7
+ withState: ANY
 versioning:
 enabled: true
 cors:
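Review bot: The new IAMAccessBoundaryPolicy sample sets both `availableResource` and `availablePermissions` to `"*"`, and nothing in the file says these wildcards are placeholders. As written, the only restriction the rule expresses is the access-level condition, so someone who copies the sample unchanged gets a boundary that does not narrow resources or permissions at all. A comment above `availableResource`, for example `# "*" is for illustration only; list the resources and permissions the boundary should allow`, would make that explicit, in the same way the file already documents its three `${...?}` placeholders.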